Information Security News
by Sean Gallagher
Russian Federation President Vladimir Putin acknowledged today that “patriotically minded” Russian hackers may have been responsible for the breach of the network of the Democratic National Committee and the e-mail accounts of members of Hillary Clinton's presidential campaign, as well as other attempts to interfere in the US presidential elections of 2016 to aid the campaign of Donald Trump.
The admission, which Putin made during comments at the St. Petersburg International Economic Forum, was a reversal of previous Kremlin denials of any Russian involvement in the information operations against Hillary Clinton and the Democrats. Putin continued to deny state involvement in the attacks, instead suggesting that the attacks were staged by Russians acting independently. “If they are patriotically minded, they start making their contributions—which are right, from their point of view—to the fight against those who say bad things about Russia,” he said.
Radio Free Europe posted an excerpt from the interview on Twitter:
WikiLeaks just published details of a purported CIA operation that turns Windows file servers into covert attack machines that surreptitiously infect computers of interest inside a targeted network.
"Pandemic," as the implant is codenamed, turns file servers into a secret carrier of whatever malware CIA operatives want to install, according to documents published Thursday by WikiLeaks. When targeted computers attempt to access a file on the compromised server, Pandemic uses a clever bait-and-switch tactic to surreptitiously deliver a malicious version of the requested file. The Trojan is then executed by the targeted computers. A user manual said Pandemic takes only 15 seconds to be installed. The documents didn't describe precisely how Pandemic would get installed on a file server.
In a note accompanying Thursday's release, WikiLeaks officials wrote:
by Kelly Fiveash
OneLogin has admitted that the single sign-on (SSO) and identity management firm has suffered a data breach. However, its public statement is vague about the nature of the attack.
An e-mail to customers provides a bit of detail—warning them that their data may have been exposed. And a support page that is only accessible to OneLogin account holders is even more worrying for customers. It apparently says that "customer data was compromised, including the ability to decrypt encrypted data."
OneLogin—which claims to offer a service that "secures connections across all users, all devices, and every application"—said on Thursday that it had "detected unauthorised access" in the company's US data region. It added in the post penned by OneLogin CISO Alvaro Hoyos:
Last week, at a customer, we received a forwarded email in a shared mailbox. It was somebody from another department that shared an invitation for a webcast that could be interesting for you, guys! This time, no phishing attempt, no malware, just a regular email sent from a well-known security vendor. A colleague was interested in the webcast and clicked on the registration link. He was redirected to a page and was surprised to see all the fields already prefilled with the personal details of the original recipient:
I found 31 hits containing a URL of the same format. Let's test some of them. The online form for the other webcast session was indeed prefilled but... with the same values (the one of the first colleague). Hmmm. Let's see if we have some cookies maybe? Yes, we have! Let
After more investigation, I found some links of the same format
Such information is a gold mine to set up a spear phishing attack! The attacker knows your details, your interests in the vendor products and that you attended a webinar on a specific date. Keep this in mind when sharing invitations outside a restricted audience!
Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant