Category: hacking

Auto Added by WPeMatico

Backdoor Found in Codecov Bash Uploader

Posted on By infossl
backdoors, credentials, hacking, Security technology, supply chain, Uncategorized

Developers have discovered a backdoor in the Codecov bash uploader. It’s been there for four months. We don’t know who put it there. Codecov said the breach allowed the attackers to export information stored in its users’ continuous integration (CI) environments. This information was then sent to a third-party server outside of Codecov’s infrastructure,” the … Read More “Backdoor Found in Codecov Bash Uploader” »

Biden Administration Imposes Sanctions on Russia for SolarWinds

Posted on By infossl
cyberespionage, espionage, hacking, national security policy, russia, Security technology, Uncategorized

On April 15, the Biden administration both formally attributed the SolarWinds espionage campaign to the Russian Foreign Intelligence Service (SVR), and imposed a series of sanctions designed to punish the country for the attack and deter future attacks. I will leave it to those with experience in foreign relations to convince me that the response … Read More “Biden Administration Imposes Sanctions on Russia for SolarWinds” »

Details on the Unlocking of the San Bernardino Terrorist’s iPhone

Posted on By infossl
apple, exploits, fbi, hacking, iphone, Security technology, terrorism, Uncategorized

The Washington Post has published a long story on the unlocking of the San Bernardino Terrorist’s iPhone 5C in 2016. We all thought it was an Israeli company called Cellebrite. It was actually an Australian company called Azimuth Security. Azimuth specialized in finding significant vulnerabilities. Dowd, a former IBM X-Force researcher whom one peer called … Read More “Details on the Unlocking of the San Bernardino Terrorist’s iPhone” »

Backdoor Added — But Found — in PHP

Posted on By infossl
authentication, backdoors, hacking, open source, Security technology, supply chain, Uncategorized

Unknown hackers attempted to add a backdoor to the PHP source code. It was two malicious commits, with the subject “fix typo” and the names of known PHP developers and maintainers. They were discovered and removed before being pushed out to any users. But since 79% of the Internet’s websites use PHP, it’s scary. Developers … Read More “Backdoor Added — But Found — in PHP” »

Malware Hidden in Call of Duty Cheating Software

Posted on By infossl
games, hacking, malware, privilege escalation, Security technology, social engineering, Uncategorized

News article: Most troublingly, Activision says that the “cheat” tool has been advertised multiple times on a popular cheating forum under the title “new COD hack.” (Gamers looking to flout the rules will typically go to such forums to find new ways to do so.) While the report doesn’t mention which forum they were posted … Read More “Malware Hidden in Call of Duty Cheating Software” »

Hacking Weapons Systems

Posted on By infossl
cyberattack, cyberweapons, hacking, infrastructure, military, national security policy, Security technology, Uncategorized, weapons

Lukasz Olejnik has a good essay on hacking weapons systems. Basically, there is no reason to believe that software in weapons systems is any more vulnerability free than any other software. So now the question is whether the software can be accessed over the Internet. Increasingly, it is. This is likely to become a bigger … Read More “Hacking Weapons Systems” »

Accellion Supply Chain Hack

Posted on By infossl
hacking, patching, Security technology, supply chain, Uncategorized, vulnerabilities

A vulnerability in the Accellion file-transfer program is being used by criminal groups to hack networks worldwide. There’s much in the article about when Accellion knew about the vulnerability, when it alerted its customers, and when it patched its software. The governor of New Zealand’s central bank, Adrian Orr, says Accellion failed to warn it … Read More “Accellion Supply Chain Hack” »

More on the Chinese Zero-Day Microsoft Exchange Hack

Posted on By infossl
china, cybersecurity, hacking, microsoft, patching, Security technology, Uncategorized, zero-day

Nick Weaver has an excellent post on the Microsoft Exchange hack: The investigative journalist Brian Krebs has produced a handy timeline of events and a few things stand out from the chronology. The attacker was first detected by one group on Jan. 5 and another on Jan. 6, and Microsoft acknowledged the problem immediately. During … Read More “More on the Chinese Zero-Day Microsoft Exchange Hack” »

Hacking Digitally Signed PDF Files

Posted on By infossl
academic papers, adobe, hacking, Security technology, signatures, Uncategorized

Interesting paper: “Shadow Attacks: Hiding and Replacing Content in Signed PDFs“: Abstract: Digitally signed PDFs are used in contracts and invoices to guarantee the authenticity and integrity of their content. A user opening a signed PDF expects to see a warning in case of any modification. In 2019, Mladenov et al. revealed various parsing vulnerabilities … Read More “Hacking Digitally Signed PDF Files” »

Chinese Hackers Stole an NSA Windows Exploit in 2014

Posted on By infossl
china, exploits, hacking, microsoft, nsa, Security technology, Uncategorized, windows

Check Point has evidence that (probably government affiliated) Chinese hackers stole and cloned an NSA Windows hacking tool years before (probably government affiliated) Russian hackers stole and then published the same tool. Here’s the timeline: The timeline basically seems to be, according to Check Point: 2013: NSA’s Equation Group developed a set of exploits including … Read More “Chinese Hackers Stole an NSA Windows Exploit in 2014” »