Category: News

An estimated 35 million voters information from 19 states went up for sale on a dark web hacking forum. This was uncovered last Monday, October 15, by researchers from Anomali Labs and leading cybercrime intelligence provider, Intel 471. The discovery came just four weeks before the scheduled November 2018 US midterm elections. The data being sold contain full names, physical addresses, phone numbers, and voting history.

The hacked voter records came from the following states:

• Georgia
• Idaho
• Iowa
• Kansas
• Kentucky
• Louisiana
• Minnesota
• Mississippi
• Montana
• New Mexico
• Oregon
• South Carolina
• South Dakota
• Tennessee
• Texas
• Utah
• West Virginia
• Wisconsin
• Wyoming

Out of the mentioned 19 states, 3 states alone comprise 23 million records – Texas (14 million), Wisconsin (6 million), and Louisiana (3 million). They were offered for prices between $1,300 and $12,500. For the remaining 16 states, no record counts were provided but their price ranges from $150 to as high as $4,000.

From Anomali Labs:

“Of note, the seller indicates they receive weekly updates of voter registration data across the states and that they receive information via contacts within the state governments. Certain states require the seller to personally travel to locations in-state to receive the updated voter information. This suggests the information disclosure is not necessarily a technical compromise but rather a likely targeted campaign by a threat actor redistributing possibly legitimately obtained voter data for malicious purposes on a cybercrime forum.

To our knowledge, this represents the first reference on the criminal underground of actors selling or distributing lists of 2018 voter registration data, including US voters’ personally identifiable information and voting history. With the November 2018 midterm elections only four weeks away, the availability and currency of the voter records, if combined with other breached data, could be used by malicious actors to disrupt the electoral process or pursue large-scale identity theft.”

U.S. Department of Homeland Security (DHS) said in a report titled “Threats to Precision Agriculture” that there is an imminent risk and cybersecurity threats relating to the technology used by the agricultural industry. Simply known as precision agriculture, this technology relies on IoT or what is known as the Internet of Things. It aims to improve agricultural and livestock management through GPS, remote sensors and communication systems supporting them. Its adoption has significantly widened thus also increasing the potential security risks associated to it.

Based on the report, threat scenarios like malware infection, phishing, and incorrect usage of external drives like USBs could compromise automated systems with the deployment of precision agriculture. If any of these happen, it can lead to data loss, equipment destruction, loss of resources, and reputational damage. It can also put confidential data at risk for theft.

Best practices were also discussed in the said report which could mitigate the threats.

“Adoption of information security standards for precision agriculture is important for the future success of precision agriculture, along with industry efforts for equipment interoperability and data use / privacy. Vetted best practices, borne from hard experience learned in other sectors which have proceeded agriculture in the digital revolution, offer a proven path for data security.”

The US Department of Justice has announced this week that it has sentenced Nigerian Onyekachi Emmanuel Opara (30) of Lagos, Nigeria to 5 years prison time and was ordered to pay $2.54 million for defrauding victims in its Business Email Compromise (BEC) scam. Opara ran his fraudulent scams for two years (2014-2016) along with co-defendant David Chukwuneke Adindu targeting thousands of victims worldwide including the following countries:

• Australia
• New Zealand
• Singapore
• Sweden
• Switzerland
• United Kingdom
• United States

The sentence was served in Manhattan federal court. Adindu was already sentenced last December 14, 2017 to 41 months in prison and was also ordered to pay about $1.4 million in restitution.

This type of scam, BEC (also known as ‘CEO Fraud’), is very profitable since it only needs to be successful a few times to be highly cost-effective for the criminals. For his operation, Opara sent fake emails to employees of the victim companies pretending to be from their supervisors or from third-party vendors or partners which they had held business relationships with. Because the messages were sent from email account domains that appear to be similar to the true domains of respectable companies or spoofed from legitimate addresses, recipients are easily deceived.

Aside from his BEC scam, the 30-year old fraudster also registered to dating websites posing as an attractive young woman named “Barbara”. He was able to engage in romantic relationships through this and convince individuals in the US to send him money overseas or to accept funds from his BEC scams so he can hide the money trail.

Opara was arrested in December 22, 2016 in Johannesburg, South Africa. He was extradited to the United States a month later, pleading guilty just last April for conspiracy to commit wire fraud and wire fraud leading to his incarceration.

Despite being charged by US authorities last March for cyber-attacks, Iran-based hackers Cobalt Dickens or Silent Librarian has continued its phishing operations. They have now been targeting universities and academic institutions around the world in a bid to steal intellectual property.

In these latest wave of attacks, the group allegedly stole information from a total of 76 universities located in 14 countries including the following:

• United Kingdom
• United States
• Canada
• China
• Switzerland
• Australia
• Israel
• Japan
• Turkey

They have also targeted 47 US and foreign private sector companies, including the US Department of Labor and the United Nations.

The hack involved creating spoofed websites resembling that of the login pages for the said 76 universities. An estimated 16 domains contained over 300 spoofed websites including online libraries.

Targets are sent links to the fraudulent domains through phishing emails. Those who have fallen prey and filled in their credentials into the fake pages would have handed the group their login details. After “successfully” logging in, users are then sent onwards to the real service while this information is saved by the cyberattackers to gain access to legitimate systems.

Several computer systems at the PGA of America were recently hijacked with a ransomware. On Tuesday morning, August 7, staff discovered that their system had been compromised when ransom notes started appearing on their screen: “Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorythm [sic].” It locked down critical files and demanded cryptocurrency for their return. The association has to transfer bitcoin to the hackers or risk losing their files forever.

The notice includes a bitcoin wallet address where the funds will be sent and a pair of encrypted email addresses. The amount of ransom was not specified but the hackers, proving their “honest intentions” and “good faith”, said they would unlock two files for free.

According to a report from Golfweek, the files contained creative materials for the PGA Championship at Bellerive and next month’s Ryder Cup in France. That includes extensive promotional banners and logos used in digital and print communications, and on digital signage around the grounds at Bellerive. The stolen files also include development work on logos for future PGA Championships. Some of the work began more than a year ago and cannot be easily replicated.

Following the advice of law enforcement agencies and cybersecurity experts, an anonymous source told Golfweek that PGA officials had no intention to meet or pay any extortion demands. The network remained locked. Complete control of the servers were not yet regained and external researchers are still currently investigating.

As of the moment, PGA of America has declined to comment on this matter. As the PGA Championship kicks off at Bellerive, the tournament has been unaffected so far and is slated to continue as per the usual schedule.

Security researchers have recently uncovered a massive cryptojacking campaign that relies on compromised MikroTik routers. It targets these routers to conduct cryptocurrency mining by changing its configuration. It injects a copy of the Coinhive in-browser cryptocurrency mining script into every web page that a user visited.

The campaign has taken off the ground this week and was in its initial stages. It mainly focused on compromising devices located in Brazil but later began targeting MikroTik routers in other geo-locations all over the world. In total, 210,000 MikroTik routers have been compromised.

The hack exploits a security flaw in Winbox, a remote management service bundled in MikroTik routers’ operating system, RouterOS.  This flaw was was reportedly discovered early this year (April 2018) but accordingly patched the next day.

If you own a MikroTik router, it is advised that you should install the the latest MikroTik firmware as soon as possible. Also, as an added precaution, security mechanisms such as firewalls should always be enabled.

364 inmates from five Idaho prisons exploited a vulnerability in their prison-issued tablets to issue themselves nearly $225,000 worth of digital credits to their accounts. They were able to crack and leverage a software vulnerability on their JPay tablets to increase their balances. The transferred credits were then used to buy music, ebooks and games.

The Idaho Department of Correction (DOC) discovered the hack earlier this month. They emphasized though that no real money was stolen and that the credits did not involve taxpayer dollars.

For a few years now, tablets are allowed at low-security level prisons across the United States. This gives the inmates the privilege to email their families, access educational materials, read news, and even purchase music and simple computer games. They’ve been offered through a contract between JPay and CenturyLink.

Prison officials have already reprimanded the inmates involved in the hacking. They have been charged with a disciplinary offense and lost various privileges. They may also be reclassified to a higher security risk level.

According to the DOC, JPay has managed to recover $65,000 worth of digital credits from the 364 inmate accounts. It has also blocked the inmates involved from being able to download music and games until the company is compensated for their losses.

Over the weekend of July 14, North Carolina-based LabCorp, United States’ biggest blood testing laboratories network, forced a shutdown on its IT network after hackers breached into their system.

As part of its breach response policy, the company immediately took various portions of its systems offline to contain the hack.

Excerpts from the form 8-K they filed with the Securities and Exchange Commission read:

“LabCorp detected suspicious activity on its information technology network.”

“LabCorp immediately took certain systems offline as part of its comprehensive response to contain the activity,”

“Work has been ongoing to restore full system functionality as quickly as possible”

The breach could potentially expose millions of patient records at risk. Taken from their webpage: LabCorp provides diagnostic, drug development and technology-enabled solutions for more than 115 million patient encounters per year.

The company, however, is trying to downplay the incident assuring their customers not to worry.

“At this time, there is no evidence of unauthorized transfer or misuse of data. LabCorp has notified the relevant authorities of the suspicious activity and will cooperate in any investigation,” it said in its statement.

FBI is currently monitoring the situation and LabCorp is required to alert customers whose data were compromised within 60 days.

Healthcare organizations are often the target of hackers and cybercriminals for data breaches because it is believed that the highly sensitive data they keep on records is worth a lot when sold online.

Security firm Recorded Future has discovered that last month, an unidentified hacker stole sensitive military documents and tries to sell it online via hacking forums. The selling price for such docs run as low as $150 – $200. The data was allegedly hacked from the computer of an Air Force officer. It said to contain sensitive information about the MQ-9A Reaper drone that is used for overseas strikes and surveillance missions. This could give an enemy clues into its technical capabilities and potential weaknesses.

However, the firm confirmed that there was no evidence the mystery hacker was tied to a foreign country. It posed as a potential buyer and based on their exchanged messages with the mystery hacker, the firm suspects that he/she could be from South America because the communication is sometimes in Spanish and of broken English.

Also for sale are various training manuals such as a crewman training and survival manual, deployment tactics manual for improvised explosive devices (IED), and a tank operation manual.

Recorded Future already informed Homeland Security about the alleged hack and so the hacker was blocked from selling the said sensitive documents while the issue is currently being investigated.

According to reports gathered online, an unusual glitch is affecting Samsung users causing the default Samsung Messages app to send random photos to their list of contacts. Since the messages were sent without consent (and apparently with no evidence), users were only made aware of the bug once they get a reply from someone who received their photos.

The issue appears to be limited though only to the newer Samsung Galaxy devices – the S9, S9 Plus, and Note 8.  The images sent seem to be just random picks from the user’s photo gallery.

Samsung, on their part, has already acknowledged the said reports. “We are aware of the reports regarding this matter and our technical teams are looking into it. Concerned customers are encouraged to contact us directly at 1-800-SAMSUNG.”

For the time being, concerned Samsung owners can resort to other messaging applications or simply disable sending photos entirely via their phone settings. This can be done by going to Settings > Apps > Samsung Messages > Permissions > Storage. By doing so, it should prevent the pre-installed Samsung Messages app to access the photo gallery by disabling its storage permissions.

It is also recommended that users may hold off installing the latest Samsung Messages update until the company will be able to fix the issue.