Tag Archives: Singapore

Security News for the Week Ending June 12, 2020

Singapore Updates Contact Tracing App

Singapore is not exactly a democracy, so this isn’t a complete surprise. They are updating their contact tracing app to include foreigners’ passport numbers and scanning of barcodes to facilitate tracking when someone enters a store, mall or restaurant. They would like the program to run in the background, but Apple does not allow Bluetooth to be active in the background, so the software doesn’t work right on iPhones. So, for iPhone users, people who don’t have smartphones and people who won’t install the app, they are working on building a wearable device to perform the same function and possibly issuing a device to everyone in the country. Credit: ZDNet

Indian IT Company Ran Hack for Hire Operation

BellTroX, a small Indian IT company based in Delhi, ran (allegedly) a hack-for-hire operation that targeted thousands of high-profile politicians, investors and journalists on six continents over the last 7 years. Initially thought to be state sponsored, investigators now think they were just in it for the money. The group is known as Dark Basin by researchers, who have begun to unravel their work and notify hacked individuals. Credit: The Hacker News

Thanos Ransomware as a Service Weaponizes RIPlace Vulnerability

The Thanos Ransomware as a Service tool weaponizes the Windows RIPlace attack tactic. RIPlace is a technique that uses a legacy API to bypass endpoint protection (AKA anti-virus) tools. Given that Thanos is available as a service to any wannabe hacker, expect to see even more ransomware attacks. The Thanos developer continues to add features, including a light version (as in fewer features) and a company (full featured) version. Credit: Threatpost

Copy Protection Comes in Many Flavors

GE has, apparently, “copy protected” the water filters for their refrigerators so that you cannot use a $13 filter that is physically the same and have to pay GE $55 for their filter.

One customer was sufficiently annoyed that he bought a domain, www.GEFilterGate.com, and explained how to “hack” GE’s refrigerator. All you have to do is take GE’s RFID tag off a legit filter and put it in the right place on the fake GE filter. I am not sure if it is legal, but that was one ticked off user. Credit: Vice

Federal Agencies Spending Millions on Crossbow

Crossbow, AKA Stingray, version 2, has been purchased by multiple federal agencies including ICE. Stingray is a device made by Harris to intercept cell phone traffic and is used by the military. They are also being used by federal, state and local governments, including during protests. Think of it as a cell tower in a small suitcase. Whether version 1 or version 2, they can be used to track down fugitives or surveil anyone, anywhere. We have reports of finding many Stingrays around Washington, DC, likely placed there by UNfriendly countries. Harris was so keen to keep information about the Stingray quiet that police regularly dropped charges rather than reveal information. Assume that Crossbow will be the same. Credit: Vice

Security News for the Week Ending May 8, 2020

The Contact Tracing Horror Begins

The UK is now saying that all of the contact data that they are collecting from the app people install on their smart phones – that data may be kept by the government forever and no, you can’t ask them to delete it. Credit: The Register

Singapore will require smartphone checkins including people’s national identity number at all businesses. People have to both check in and check out. But, not to worry, it will only be used by “authorised” people. Not only will you have to do that when you enter a business, but also when you go to the mall or the park. Credit: The Register

And India made a contact tracing app mandatory in ‘hot-spots’, which could be a problem given that half the population does not own a smart phone. Credit: The Register

Governments have found a great new source of data to mine and sell.

Hackers Have Figured Out How to Make a Plane Go Up or Down at up to 3,000 feet a minute

TCAS, the collision avoidance system that the aircraft industry and governments have adopted to ‘discourage’ planes from crashing into one another by telling two planes that are close to one another to move in opposite directions from each other, is, apparently, susceptible to hacking.

The hack works by presenting phantom data to a plane, indicating that it is about to collide and needs to dive or climb. Some TCAS systems can even take over the controls. As I recall, TCAS has no security protocol as part of the system and just trusts the data it receives.

While technically pilots can disable the system to mitigate the risk, we saw how well that concept worked with the now-grounded 737 Maxes. Pilots tend to trust their instruments way more than they should. Credit: The Register

Hacking Campaign Targets 900,000 WordPress Sites

Hackers are targeting WordPress sites that are not current on their patches. Wordfence security saw 20 million attack attempts on over a half million servers on May 3rd alone. The attack redirects visitors to malvertising and administrators get to deploy a free backdoor for the hackers. If you are not running Wordfence on your WordPress site, do that now. If you are not current on your patches, well, it might be too late. Credit: Bleeping Computer.

Covid-19 Themed Phishing Subjects

As Coronavirus becomes the topic of the day, hackers are using themes like these:

  • Because of COVID-19, payroll is making adjustments and we need to update account information (see hyperlink)
  • Your office location is closed, please remote in today (see hyperlink)
  • All employees are asked to sign in (see hyperlink) and update their wellness status
  • Relief donations are being solicited (see hyperlink)

Now would be a good time to up your anti-phishing training, but be understanding that this is likely a stressful time for employees. Credit: NCMS mailing list

Ransomware. Ransomware. Ransomware

New York based law firm Grubman Shire Meiselas & Sacks, which represents dozens of A-List artists such as Madonna, Lady Gaga, Elton John, Robert de Niro and many others, was hacked by the Sodinokibi ransomware group.

The hackers claim to have stolen over 750 GB of data and have published snippets of a number of documents. This hacking group is very financially successful. Given who the clients are, money is not an object and their ability to sue this law firm out of existence is also probably a good guess.

I suspect a ransom payment will be made. Not in Bitcoin – too traceable. These guys only accept Monero.

For companies that store any kind of sensitive information, this is a heads up. We are hearing about this happening (stealing your information and demanding a ransom not to publish it) every single day. Good backups will not protect you from this type of attack. Credit: Bleeping Computer