This is clever: How the attack works: Attacker added tens of malicious servers to the Electrum wallet network. Users of legitimate Electrum wallets initiate a Bitcoin transaction. If the transaction reaches one of the malicious servers, these servers reply with an error message that urges users to download a wallet app update from a malicious … Read More “New Attack Against Electrum Bitcoin Wallets” »
Category: hacking
Wired has an excellent article on China’s APT10 hacking group. Specifically, on how they hacked managed service providers in order to get to their customers’ networks. I am reminded of the NSA’s “I Hunt Sysadmins” presentation, published by the Intercept.
The New York Times and Reuters are reporting that China was behind the recent hack of Marriott Hotels. Note that this is still unconfirmed, but interesting if it is true. Reuters: Private investigators looking into the breach have found hacking tools, techniques and procedures previously used in attacks attributed to Chinese hackers, said three sources … Read More “Marriott Hack Reported as Chinese State-Sponsored” »
Kaspersky is reporting on a series of bank hacks — called DarkVishnya — perpetrated through malicious hardware being surreptitiously installed into the target network: In 2017-2018, Kaspersky Lab specialists were invited to research a series of cybertheft incidents. Each attack had a common springboard: an unknown device directly connected to the company’s local network. In … Read More “Banks Attacked through Malicious Hardware Connected to the Local Network” »
Back in October, Bloomberg reported that China has managed to install backdoors into server equipment that ended up in networks belonging to — among others — Apple and Amazon. Pretty much everybody has denied it (including the US DHS and the UK NCSC). Bloomberg has stood by its story — and is still standing by … Read More “That Bloomberg Supply-Chain-Hack Story” »
Back in January, we learned about a class of vulnerabilities against microprocessors that leverages various performance and efficiency shortcuts for attack. I wrote that the first two attacks would be just the start: It shouldn’t be surprising that microprocessor designers have been building insecure hardware for 20 years. What’s surprising is that it took 20 … Read More “More Spectre/Meltdown-Like Attacks” »
Interesting policy paper by Third Way: “To Catch a Hacker: Toward a comprehensive strategy to identify, pursue, and punish malicious cyber actors”: In this paper, we argue that the United States currently lacks a comprehensive overarching strategic approach to identify, stop and punish cyberattackers. We show that: There is a burgeoning cybercrime wave: A rising … Read More “How to Punish Cybercriminals” »
This is a long — and somewhat technical — paper by Chris C. Demchak and Yuval Shavitt about China’s repeated hacking of the Internet Border Gateway Protocol (BGP): “China’s Maxim Leave No Access Point Unexploited: The Hidden Story of China Telecom’s BGP Hijacking.” BGP hacking is how large intelligence agencies manipulate Internet routing to … Read More “China’s Hacking of the Border Gateway Protocol” »
Bloomberg has another story about hardware surveillance implants in equipment made in China. This implant is different from the one Bloomberg reported on last week. That story has been denied by pretty much everyone else, but Bloomberg is sticking by its story and its sources. (I linked to other commentary and analysis here.) Again, I … Read More “Another Bloomberg Story about Supply-Chain Hardware Attacks from China” »
If someone has physical access to your locked — but still running — computer, they can probably break the hard drive’s encryption. This is a “cold boot” attack, and one we thought solved. We have not: To carry out the attack, the F-Secure researchers first sought a way to defeat the industry-standard cold boot … Read More “New Variants of Cold-Boot Attack” »
