University College London, one of the world's leading universities, has been hit by a major cyber-attack.
The central London university, ranked last week in the world's top 10, says that a "widespread ransomware attack" began on Wednesday.
The researchers scanned the Internet for improperly configured services such as Server Message Block (SMB) and Telnet, which were targeted by the WannaCry attack and by IoT botnets (e.g. Mirai, Persirai) respectively.
The experts counted 5.5 million machines with the SMB port exposed. The figure is alarming considering that before May 2017, when WannaCry spread, the number of exposed devices was 4.7 million.
According to Rapid7, 800,000 of the endpoints exposing Microsoft file-sharing services (SMB, TCP port 445) are Windows systems.
The number of fileless malware samples continues to increase; security researchers recently spotted a new fileless ransomware dubbed Sorebrect.
Sorebrect injects malicious code into a legitimate system process (svchost.exe) on the targeted system and then terminates its own binary to evade detection. It also hampers forensic analysis by deleting the affected system's event logs using wevtutil.exe, deleting shadow copies with vssadmin, and removing other artifacts such as files executed on the system.
Sorebrect uses the Tor network to anonymize communications with its command-and-control (C&C) server.
Unlike other ransomware, Sorebrect has been designed to specifically target enterprise systems in various industries (manufacturing, technology, and telecommunications). The code it injects is tasked with encrypting files on the local machine and on connected network shares: the ransomware scans the local network for other connected systems with open shares and encrypts the files stored on them.
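The anti-forensic behaviour described above (clearing event logs with wevtutil.exe and deleting shadow copies with vssadmin from an injected svchost.exe) is the kind of activity a defender can flag in process-creation telemetry. The following is an added example, not code from the article or from the researchers who analysed Sorebrect; the event records are constructed and their field names (host, parent, image, cmdline) are assumptions.

```python
# Constructed process-creation records, shaped like Sysmon Event ID 1 or Windows 4688
# data after parsing. None of these come from the article or a real incident.
SAMPLE_EVENTS = [
    {"host": "ws01", "parent": "explorer.exe", "image": "notepad.exe",
     "cmdline": "notepad.exe C:\\Users\\alice\\notes.txt"},
    {"host": "ws01", "parent": "svchost.exe", "image": "wevtutil.exe",
     "cmdline": "\"C:\\Windows\\System32\\wevtutil.exe\" cl Security"},
    {"host": "ws01", "parent": "svchost.exe", "image": "vssadmin.exe",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "srv02", "parent": "backup.exe", "image": "vssadmin.exe",
     "cmdline": "vssadmin.exe list shadows"},  # benign enumeration, must not alert
]


def classify(event):
    """Return the names of the anti-forensic behaviours this event matches."""
    tokens = event["cmdline"].lower().split()
    if not tokens:
        return []
    # Normalise the executable: strip quotes and any directory prefix.
    exe = tokens[0].strip('"').rsplit("\\", 1)[-1]
    args = tokens[1:]
    hits = []
    # wevtutil cl <log> / wevtutil clear-log <log> wipes a Windows event log.
    if exe in ("wevtutil", "wevtutil.exe") and args and args[0] in ("cl", "clear-log"):
        hits.append("event_log_cleared")
    # vssadmin delete shadows removes the restore points ransomware wants gone;
    # "list shadows" is ordinary administration and is left alone.
    if exe in ("vssadmin", "vssadmin.exe") and "delete" in args and "shadows" in args:
        hits.append("shadow_copies_deleted")
    # Sorebrect runs its payload from an injected svchost.exe, so a service host
    # spawning either tool is an extra signal worth surfacing.
    if hits and event["parent"].lower() == "svchost.exe":
        hits.append("spawned_by_svchost")
    return hits


def scan(events):
    """Return (host, image, behaviours) for every event that triggered a rule."""
    results = []
    for event in events:
        hits = classify(event)
        if hits:
            results.append((event["host"], event["image"], hits))
    return results


if __name__ == "__main__":
    for host, image, hits in scan(SAMPLE_EVENTS):
        print(f"{host}: {image} -> {', '.join(hits)}")
```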
Hundreds of commercial Wi-Fi routers are, or were, easily hackable by the CIA, according to classified files published today by WikiLeaks.
The confidential US government documents describe the Cherry Blossom project, which is the framework by which CIA operatives can subvert wireless routers; install software that harvests email addresses, chat usernames, MAC addresses and VoIP numbers; and allow man-in-the-middle attacks and browser redirection.
We're told Cherry Blossom, or at least version 5 of it, allows agents to infect both wireless and wired access points by installing a firmware upgrade dubbed FlyTrap that can be put on the device without needing physical access to it.
Flytrap can monitor internet traffic through the router, redirect web browser connections to websites that the CIA wants a target to see, proxy a target's network connections, and harvest and copy data traffic. It then sends it all back to a command and control system called Cherry Tree.
"The key component is the Flytrap, which is typically a wireless (802.11/WiFi) device (router/access point) that has been implanted with CB firmware," the documents state.
A 25-year-old broke into a DoD satellite communication system and doxed around 800 Department of Defense employees.
A British man has pleaded guilty to hacking into a US Department of Defense system and stealing data from around 30,000 satellite phones, UK authorities announced on Thursday.
Sean Caffrey, a 25-year-old from the outskirts of Birmingham, admitted to breaking into a US military communications system on June 15, 2014, stealing "hundreds of user accounts." The hacker stole "ranks, usernames and email addresses of more than 800 users of a satellite communications system, as well as of about 30,000 satellite phones," according to a press release by the National Crime Agency, or NCA.
UK-based security consultancy Pen Test Partners said that the issue stems from a zero-day (unpatched) flaw in networking software from Chinese manufacturer XiongMai.
Pen Test Partners has been researching DVR security since February 2016, long before Mirai took out DNS provider Dyn in October 2016. The firm found a buffer overflow in the web interface that leaves more than one million devices vulnerable.
"This [flaw] leads to remote code execution and a wormable exploit," researchers warned. "Shodan [a search engine for internet-connected devices] shows ~1M devices available as of today, which would make for a nice botnet."