Ethical Hacking

This story is kind of funny imo. One of the biggest marketplace for stolen credit card data called Biransclub recently got hacked which led to a theft of more than 26 million records. It’s speculated that the name Brian has been used after Brian Krebs (Krebsonsecurity.com guy). Per the article, “Last month, KrebsOnSecurity was contacted by a source who shared a plain text file containing what was claimed to be the full database of cards for sale both currently and historically through BriansClub[.]at, a thriving fraud bazaar named after this author. Imitating my site, likeness and namesake, BriansClub even dubiously claims a copyright with a reference at the bottom of each page: “© 2019 Crabs on Security.”

Multiple people who reviewed the database shared by my source confirmed that the same credit card records also could be found in a more redacted form simply by searching the BriansClub Web site with a valid, properly-funded account.

All of the card data stolen from BriansClub was shared with multiple sources who work closely with financial institutions to identify and monitor or reissue cards that show up for sale in the cybercrime underground.”

The article provides more detail on the timeline of the events.

Source Link: https://krebsonsecurity.com/2019/10/briansclub-hack-rescues-26m-stolen-cards/

Apple integrated the “Tencent Safe Browsing” service to power its “Fraudulent Website Warning” feature in the Safari web browser for both iOS and macOS. Just like the Safe Browsing feature in Chrome and Mozilla Firefox, Safari’s fraudulent website warning feature has also been designed to protect users from various online threats by simply checking every website they visit against a regularly updated list of malicious websites. Now having Tencent on the same list, Apple is also giving the same privileges to the Chinese company as of Google.

This article addressed people’s concerns about the safety issue of sharing their data with Tencent. It is true, but I think Apple uses business strategy because Google services are banned in China and they tried to protect Chinese users’ privacy. Apple uses a smart to comfort users’ concern by offering users the manual approach to turn off fraudulent website warnings.

https://thehackernews.com/2019/10/apple-safari-safebrowsing-tencent.html

The “sudo” command (that lets Linux or Unix-based users run tasks with elevated permissions) had a flaw that allowed a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root access as long as the ALL keyword is listed first in the Runas specification.  This bug can be exploited by an attacker to run commands as root just by specifying the user ID “-1” or “4294967295”.  The function that converts user id into username incorrectly treats -1 or 4294967295 (its unsigned equivalent) as 0, which is the user ID of root.  Users can fix this flaw by updating the sudo package to 1.8.28 or newer.

sudo -u#-1 id -u
or
sudo -u#4294967295 id -u

Source:

https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html

https://www.sudo.ws/alerts/minus_1_uid.html

https://www.afcea.org/content/?q=node/17477/

I found this article interesting because it gives some insight into how we, as a society, can deal with the modern cyber climate/ransomware, by learning from what we did with the last major hurdle to hit the IT space: Y2K. Looking back, many say that Y2K was a “non-event” that was over-hyped. The reality is that it was a non-event, because of the massive efforts that organizations put in, to fix the problem before it happened.

“Several themes common with Y2K play out today. CIOs and CISOs need to know what applications and devices they actually have—it is time for asset discovery and documentation. It is also time to move away from an “if it isn’t broken, don’t fix it” mentality that keeps outdated equipment and software, increasing cyber risk. While Y2K was the single biggest driver for adopting packaged, off-the-shelf software, today cyber concerns are moving data to the cloud. And as with Y2K, cybersecurity has stirred up fears, becoming a board room discussion. Among C-suite executives, it has generated a lot of review and exercise of business contingency plans.

In some ways, it seems as if we are back at the same starting point as with Y2K: having to convince the powers that be that we have a continuing and growing problem amid actions that are not congruent with a holistic national or global framework to achieve the required objective. The cyber bug appears to be larger than life because we neither approach it in a synergistic way, nor are U.S. and international laws in place to address underlying causes. Lawmakers cannot even agree on common security standards for the IoT.”

Cyber attackers infected 800,000 users with banking information stealing malware – but mistakes have allowed researchers to look behind the scenes of a successful hacking campaign.

A giant botnet and banking trojan malware operation has infected hundreds of thousands of Android users since at least 2016 – but mistakes by the group have revealed details of the campaign and how they operate.

Dubbed the Geost botnet after a name repeatedly found in the attackers’ command and control servers, the operation has been discovered by researchers from Czech Technical University, UNCUYO University in Argentina, and cybersecurity company Avast, who detailed their findings at the Virus Bulletin 2019 conference in London.

The campaign is believed to have infected up to 800,000 Android users and has potentially provided the attackers with access to bank accounts along with information about the names of victims, their type of phone and their location.

https://www.zdnet.com/article/a-huge-android-trojan-malware-campaign-was-discovered-after-the-gang-behind-it-made-basic-security-mistakes/