2019-05-05
Security: Firmware, Amazon, NSA-Windows, JavaScript, Kali Linux, Alpine Linux and Dharma Ransomware for Windows
Why open source firmware is important for security
[...] I hope this gave you some insight into what’s being built with open source firmware and how making firmware open source is important! If you would like to help with this effort, please help spread the word. Please try and use platforms that value open source firmware components. Chromebooks are a great example of this, as well as Purism computers. You can ask your providers what they are doing for open source firmware or ensuring hardware security with roots of trust. Happy nerding!
Amazon Hit by Extensive Fraud With [Attackers] Siphoning Merchant Funds
Amazon believes it was the victim of a "serious" online attack by [fraudsters] who broke into about 100 seller accounts and funneled cash from loans or sales into their own bank accounts, according to a U.K. legal document. The [attack] took place between May 2018 and October 2018, Amazon’s lawyers said in a redacted filing from November that can now be made public.
Chinese Spies Intercepted NSA [Windows] Malware Attack, Weaponized It Against Targets Around The World
You don't own the exploits you've created. That's the lesson the NSA has learned over the past few years as its hacking tools have made their way into the public domain via leaks. Of course, the harshest parts of this lesson have been felt by the general public, rather than the NSA, however. The leaked tools were swiftly repurposed to generate a new strain of ransomware, which took down dozens of businesses and government services around the world.
But it's not just a random assortment of internet baddies wreaking havoc with NSA hacking tools and exploits. It's also state-sponsored hackers making use of these tools. A report from Symantec shows other nations are more than willing to turn our state-sponsored attacks against us -- demonstrating the danger of engaging in a cyberwar using weaponized code.
How Chinese Spies Got the N.S.A.’s Hacking Tools, and Used Them for Attacks
[...]
The N.S.A. used sophisticated malware to destroy Iran’s nuclear centrifuges — and then saw the same code proliferate around the world, doing damage to random targets, including American business giants like Chevron. Details of secret American cybersecurity programs were disclosed to journalists by Edward J. Snowden, a former N.S.A. contractor now living in exile in Moscow. A collection of C.I.A. cyberweapons, allegedly leaked by an insider, was posted on WikiLeaks.
“We’ve learned that you cannot guarantee your tools will not get leaked and used against you and your allies,” said Eric Chien, a security director at Symantec.
Now that nation-state cyberweapons have been leaked, hacked and repurposed by American adversaries, Mr. Chien added, it is high time that nation states “bake that into” their analysis of the risk of using cyberweapons — and the very real possibility they will be reassembled and shot back at the United States or its allies.
In the latest case, Symantec researchers are not certain exactly how the Chinese obtained the American-developed code. But they know that Chinese intelligence contractors used the repurposed American tools to carry out cyberintrusions in at least five countries or territories: Belgium, Luxembourg, Vietnam, the Philippines and Hong Kong. The targets included scientific research organizations, educational institutions and the computer networks of at least one American government ally.
Unless you want your payment card data skimmed, avoid these commerce sites
More than 100 e-commerce sites around the world are infected with malicious code designed to surreptitiously skim payment card data from visitors after they make purchases, researchers reported on Wednesday. Among those infected are US-based websites that sell dental equipment, baby merchandise, and mountain bikes.
In total, researchers with China-based Netlab 360 found 105 websites that executed card-skimming JavaScript hosted on the malicious domain magento-analytics[.]com. While the domain returns a 403 error to browsers that try to visit it, a host of magento-analytics[.]com URLs host code that’s designed to extract the name, number, expiration date, and CVV of payment cards that are used to make purchases. The e-commerce sites are infected when the attackers add links that cause the malicious JavaScript to be executed.
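The check a site operator would want after a report like this, as an added example (not code from Netlab 360 or the original article): list the external hosts a page loads `<script src=...>` from and flag any that are not on an allowlist. The HTML page and the allowlist below are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit third-party script hosts in an HTML page.
# Both the sample page and the allowlist are constructed inline.

SAMPLE_HTML=$(mktemp)
cat > "$SAMPLE_HTML" <<'EOF'
<html><head>
<script src="https://cdn.example.com/jquery.min.js"></script>
<SCRIPT SRC="https://magento-analytics[.]com/5c6d.js"></SCRIPT>
<script src="/static/app.js"></script>
</head><body>checkout</body></html>
EOF

# One allowed host per line; anything else loading script is suspicious.
ALLOWLIST=$(mktemp)
printf 'cdn.example.com\n' > "$ALLOWLIST"

# Print the unique hostnames of absolute (https://, http://, //) script
# sources in the file given as $1. Same-origin paths like /static/app.js
# are ignored because they carry no external host.
script_hosts() {
    grep -oiE '<script[^>]+src="(https?:)?//[^/"]+' "$1" \
      | sed 's#.*//##' \
      | sort -u
}

# Print script hosts from $1 that do not appear in the allowlist file $2.
# awk is used so the function exits 0 even when nothing is flagged.
unexpected_script_hosts() {
    script_hosts "$1" \
      | awk -v allow="$2" 'BEGIN { while ((getline l < allow) > 0) ok[l]=1 }
                           !($0 in ok)'
}

# For a live site: save the checkout page with curl -sL URL > page.html,
# then run: unexpected_script_hosts page.html allowlist.txt
```

Any host printed by the second function deserves a look; a domain nobody on the team recognises loading script on a checkout page is exactly the pattern described above.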
21 Best Kali Linux Tools for Hacking and Penetration Testing
Here’s our list of best Kali Linux tools that will allow you to assess the security of web-servers and help in performing hacking and pen-testing.
If you read the Kali Linux review, you know why it is considered one of the best Linux distributions for hacking and pen-testing and rightly so. It comes baked in with a lot of tools to make it easier for you to test, hack, and for anything else related to digital forensics.
It is one of the most recommended Linux distros for ethical hackers. Even if you are not a hacker but a webmaster – you can still utilize some of the tools to easily run a scan of your web server or web page.
In either case, no matter what your purpose is – we shall take a look at some of the best Kali Linux tools that you should be using.
Note that not all tools mentioned here are open source.
Alpine Linux Docker Image root User Hard-Coded Credential Vulnerability
Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the root user. This vulnerability appears to be the result of a regression introduced in December 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container that utilize Linux PAM, or some other mechanism that uses the system shadow file as an authentication database, may accept a NULL password for the root user.
Alpine Linux Docker images ship a root account with no password
Alpine Linux Docker images distributed via the official Docker Hub portal for the past three years and a half have been using a blank (NULL) password for the root account, security researchers from Cisco have revealed today.
All Alpine Linux Docker images, since v3.3, are impacted, Cisco Talos said today in a security alert.
The issue was first discovered back in August 2015, patched in November, then accidentally re-opened three weeks later, in December 2015, only to be re-discovered again by a Cisco Umbrella researcher in January this year. The issue was initially thought to impact only the Glider Labs Alpine Linux Docker image, but it was later discovered to impact the official image as well.
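The condition described in the advisory is an empty second field in root's `/etc/shadow` entry. As an added example (not code from Cisco Talos or the Alpine project), the functions below detect that state in a shadow-format file and apply the usual mitigation of locking the account with a `!` field; the shadow lines are constructed for the demonstration, and a real image is checked by dumping its shadow file first.

```shell
#!/bin/sh
# Added example: detect an empty root password field in a shadow file
# and lock the account. The shadow content below is constructed.

# Constructed shadow file in the vulnerable state (empty root field).
VULN_SHADOW=$(mktemp)
printf 'root::18000:0:99999:7:::\nbin:!:18000:0:99999:7:::\n' > "$VULN_SHADOW"

# Constructed shadow file with root locked ("!" field).
FIXED_SHADOW=$(mktemp)
printf 'root:!:18000:0:99999:7:::\n' > "$FIXED_SHADOW"

# Print 1 if the root entry in shadow file $1 has an empty password
# field (any password, including none, may be accepted), else 0.
root_has_empty_password() {
    awk -F: '$1=="root" { found=1; print ($2=="" ? 1 : 0); exit }
             END { if (!found) print 0 }' "$1"
}

# Lock root in shadow file $1 by replacing an empty field with "!",
# which no password can match. Equivalent to "passwd -l root" inside
# the container; written with awk so it is portable across sed variants.
lock_root() {
    tmp="$1.tmp"
    awk -F: 'BEGIN { OFS=":" } $1=="root" && $2=="" { $2="!" } { print }' \
        "$1" > "$tmp" && mv "$tmp" "$1"
}

# To check a real image (IMAGE is a placeholder):
#   docker run --rm IMAGE cat /etc/shadow > shadow.txt
#   root_has_empty_password shadow.txt
```

Images that never install a PAM-backed login path are not reachable through this flaw, but locking root costs nothing and removes the dependency on that assumption.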
Dharma Ransomware Installs Antivirus On [Windows] PC Only To Encrypt Files Later
The two malicious files are taskhost.exe and Defender_nt32_enu.exe. The first file activates the Dharma Ransomware itself as RANSOM.WIN32.DHARMA.THDAAAI.
Dharma Ransomware Uses AV Tool to Distract from Malicious Activities
The downloaded file is a self-extracting archive named Defender.exe, which drops the malicious file taskhost.exe as well as the installer of an old version of ESET AV Remover renamed as Defender_nt32_enu.exe. Trend Micro identifies taskhost.exe as a file connected to the Dharma ransomware (detected as RANSOM.WIN32.DHARMA.THDAAAI).
