Monero project compromised

Introduction

Earlier this evening I saw a tweet appear which claimed Monero had been hacked and that a malicious binary (instead of the real one) had been served. Post on Reddit:

Github issue:

Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike (Wed, Nov 20th)

Hancitor (also known as Chanitor or Tordal) is malware spread through malicious spam (malspam). Hancitor infections most often include Pony and Evil Pony as follow-up malware. Hancitor also pushed Zeus Panda Banker as additional follow-up malware until November 2018, when it switched from Zeus Panda Banker to Ursnif. Follow-up malware usually remained Pony, Evil Pony, and/or Ursnif until July 2019, when we started seeing Cobalt Strike as additional follow-up malware.

Senator Introduces Bill That Would Block US Companies From Storing Data In China

An anonymous reader quotes a report from The Hill: Sen. Josh Hawley (R-Mo.) on Monday introduced a bill that would curtail the flow of sensitive information about people in the U.S. to China through large tech companies like Apple and TikTok. Hawley’s legislation would place new and wide-reaching limitations on companies with ties to China such as TikTok, the mega-popular social media platform owned by a Chinese firm, and Apple, an American company that builds many of its components in mainland China.

The bill, called the National Security and Personal Data Protection Act, would subject a litany of companies with ties to countries of “national security concern,” including Russia and China, to a new privacy regime. Sens. Tom Cotton (R-Ark.) and Marco Rubio (R-Fla.) also signed onto the bill on Monday. Hawley’s bill would apply to tech companies that are subject to Chinese or Russian law, or are under the jurisdiction of those countries in a way that would allow those governments to access user data without “respect for civil liberties and privacy,” according to the bill. Those companies would not be allowed to collect private data beyond what is required to run their services or transfer data on U.S. users to countries of concern. They would also be required to store information on U.S. users in the United States itself, and would have to submit a yearly report proving their compliance with the law once a year to the Federal Trade Commission, the U.S. attorney general, and all state attorneys general.

Disney+ Fans Without Answers After Thousands Hacked

Many Disney+ users who have had their accounts stolen and put up for sale on the dark web say that Disney has yet to sort their problems. The firm says it does not believe its systems have been compromised, suggesting that members’ details have been stolen by other means. The BBC reports: On November 12, its first day live, people had technical problems and many complained on social media. Others said they were locked out of their accounts, and since they contacted Disney they have not heard back. According to an investigation by ZDNet, thousands of user accounts went on sale on the dark web. Only hours after the service launched, hackers were selling Disney+ accounts for as little as $3. A subscription to the service costs $7 a month. With the help of a cyber-security researcher, the BBC also found several hacked customer accounts for sale on the dark web.

Many say they used unique userIDs and passwords to access the streaming platform. But Jason Hill, a lead researcher with CyberInt, says it looks like many were stolen because people use the same passwords for different sites. Mr Hill said that hackers can lift someone’s password from a different site which has previously been hacked and then try it on a new site, like Disney+. If it works, they steal the account. The streaming service does not have two-factor authentication. Others are concerned because they can use their Disney+ login to access other products the company provides, like the Disney store and its recreation parks.

Identify unused IAM roles and remove them confidently with the last used timestamp

As you build on AWS, you create AWS Identity and Access Management (IAM) roles to enable teams and applications to use AWS services. As those teams and applications evolve, you might only rely on a subset of your original roles to meet your needs. This can leave unused roles in your AWS account. To help you identify these unused roles, IAM now reports the last-used timestamp that represents when a role was last used to make an AWS request. You or your security team can use this information to identify, analyze, and then confidently remove unused roles. This helps you improve the security posture of your AWS environments. Additionally, by removing unused roles, you can simplify your monitoring and auditing efforts by focusing only on roles that are in use. You can review when a role was last used to access your AWS environment in the IAM console, using the AWS Command Line Interface (AWS CLI), or the AWS SDK.
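One way to act on the last-used timestamp from the SDK, as an added example rather than AWS's own code: the boto3 `get_role()` call returns a `RoleLastUsed` block (`LastUsedDate`, `Region`), while `list_roles()` omits it, so the live lookup below calls `get_role()` per role. The 90-day threshold and the sample role records are constructed for this example; an empty `RoleLastUsed` is treated as "not used within the tracking period".

```python
"""Flag IAM roles whose last-used timestamp is older than a threshold.

Added example, not AWS's own code. Relies on the boto3 IAM API: get_role()
returns Role["RoleLastUsed"] with LastUsedDate and Region, or an empty dict
when no use was recorded in the tracking period.
"""
from datetime import datetime, timedelta, timezone

# Policy threshold for "unused"; an assumption chosen for this example.
UNUSED_AFTER = timedelta(days=90)


def classify_role(role, now, unused_after=UNUSED_AFTER):
    """Return (role_name, reason) if the role looks unused, else None.

    `role` has the shape of get_role()["Role"].
    """
    last_used = role.get("RoleLastUsed", {})
    used_at = last_used.get("LastUsedDate")
    if used_at is None:
        return (role["RoleName"], "no recorded use within the tracking period")
    age = now - used_at
    if age > unused_after:
        region = last_used.get("Region", "unknown region")
        return (role["RoleName"], f"last used {age.days} days ago in {region}")
    return None


def find_unused_roles(roles, now=None, unused_after=UNUSED_AFTER):
    """Apply classify_role() to every role and keep the candidates for review."""
    now = now or datetime.now(timezone.utc)
    hits = (classify_role(r, now, unused_after) for r in roles)
    return [h for h in hits if h is not None]


def fetch_roles_with_last_used(session=None):
    """Live lookup against the account (needs boto3 and credentials).

    list_roles() does not include RoleLastUsed, so each role is re-read
    with get_role(), which does.
    """
    import boto3  # imported here so the pure functions above run offline
    iam = (session or boto3.Session()).client("iam")
    roles = []
    for page in iam.get_paginator("list_roles").paginate():
        for summary in page["Roles"]:
            roles.append(iam.get_role(RoleName=summary["RoleName"])["Role"])
    return roles


# Constructed sample records standing in for get_role() output.
SAMPLE_NOW = datetime(2019, 11, 20, tzinfo=timezone.utc)
SAMPLE_ROLES = [
    {"RoleName": "app-prod",
     "RoleLastUsed": {"LastUsedDate": datetime(2019, 11, 19, tzinfo=timezone.utc),
                      "Region": "us-east-1"}},
    {"RoleName": "legacy-batch",
     "RoleLastUsed": {"LastUsedDate": datetime(2019, 6, 1, tzinfo=timezone.utc),
                      "Region": "eu-west-1"}},
    {"RoleName": "never-assumed", "RoleLastUsed": {}},
]

if __name__ == "__main__":
    for name, reason in find_unused_roles(SAMPLE_ROLES, now=SAMPLE_NOW):
        print(f"{name}: {reason}")
```

The output is a review list, not a deletion list: a role with no recorded use may simply be newer than the tracking window, or reserved for a rare break-glass or disaster-recovery path, so confirm ownership before removing it.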

A racist cop bullies two black men for “acting suspicious,” and he actually gets fired

Crazed Indiana officer Daryl Jones was fired after bullying two black men for “acting suspicious” after they bought a bunch of goods from Nordstrom Rack.
The unhinged officer came up to the men, who were sitting in their car in front of the department store, and asked for their ID. When the Nordstrom customers repeatedly asked why, the officer’s only response was that they were acting suspicious. When they asked for the officer’s name, he wouldn’t give it to them. When they questioned his behavior, he said, “I got my rights to do anything I want to do, I’m a police officer.”

Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service

Since it first launched over 10 years ago, the Amazon EC2 Instance Metadata Service (IMDS) has helped customers build secure and scalable applications. The IMDS solved a big security headache for cloud users by providing access to temporary, frequently rotated credentials, removing the need to hardcode or distribute sensitive credentials to instances manually or programmatically. Attached locally to every EC2 instance, the IMDS runs on a special "link local" IP address, which means only software running on the instance can access it. For applications with access to IMDS, it makes available metadata about the instance, its network, and its storage. The IMDS also makes the AWS credentials available for any IAM role that is attached to the instance.
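Two defensive pieces that go with this, as an added example and not AWS's own code: a check that a server-side fetcher refuses link-local destinations (the class of request an SSRF bug or open proxy would otherwise forward to the metadata endpoint), and a client that uses the session-oriented token flow (a PUT to `/latest/api/token` with a TTL header, then a GET carrying the token), which is how the hardened service version works. The endpoint address and header names are well-known facts not quoted in the excerpt above; the timeout values are assumptions.

```python
"""Defence-in-depth helpers around the EC2 instance metadata endpoint.

Added example, not AWS's own code. The link-local address 169.254.169.254 and
the X-aws-ec2-metadata-token headers are the documented IMDS conventions; the
2-second timeout and 6-hour token TTL are assumptions chosen here.
"""
import ipaddress
import socket
import urllib.request
from urllib.parse import urlparse

IMDS_HOST = "169.254.169.254"
IMDS_BASE = f"http://{IMDS_HOST}"


def is_link_local_target(url, resolve=socket.gethostbyname):
    """True if the URL points at a link-local address (169.254.0.0/16, fe80::/10).

    A literal IP is checked directly; a hostname is resolved first so that a
    DNS name aliased to the metadata address is caught as well. Hosts that do
    not resolve return False and are left to the caller's allow-list.
    """
    host = urlparse(url).hostname
    if host is None:
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        try:
            ip = ipaddress.ip_address(resolve(host))
        except (socket.gaierror, ValueError):
            return False
    return ip.is_link_local


def safe_fetch(url, opener=urllib.request.urlopen):
    """Server-side fetch that refuses link-local destinations before connecting."""
    if is_link_local_target(url):
        raise ValueError(f"refusing to fetch link-local destination: {url}")
    with opener(url, timeout=2) as resp:
        return resp.read()


def get_session_token(ttl_seconds=21600, base=IMDS_BASE):
    """Obtain a session token: PUT with a TTL header, as the token flow requires.

    A forwarded GET from an SSRF bug cannot perform this PUT, which is the
    defence-in-depth property the service enhancement provides.
    """
    req = urllib.request.Request(
        f"{base}/latest/api/token",
        method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": str(ttl_seconds)},
    )
    with urllib.request.urlopen(req, timeout=2) as resp:
        return resp.read().decode()


def get_metadata(path, token, base=IMDS_BASE):
    """Read a metadata path, presenting the session token on every request."""
    req = urllib.request.Request(
        f"{base}/latest/meta-data/{path}",
        headers={"X-aws-ec2-metadata-token": token},
    )
    with urllib.request.urlopen(req, timeout=2) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    # Only meaningful on an EC2 instance; elsewhere the call times out.
    token = get_session_token()
    print(get_metadata("instance-id", token))
```

`safe_fetch()` belongs in whatever code takes a URL from a user or upstream system; it is the application-level layer, and the token requirement on the service side is the second layer that still holds if the first is bypassed.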

Security Companies and Activists Launch ‘Coalition Against Stalkerware’

Tuesday, a group of cybersecurity companies, domestic violence charities, and digital activists formally announced a coalition to try and stop the spread of so-called stalkerware, as well as a website to help stalkerware victims. Stalkerware are apps or malware that can, among other things, steal messages, log movements, and remotely turn on a phone’s camera without the owner’s knowledge or consent. Often abusive partners use stalkerware to monitor their spouse.

IDG Contributor Network: 3 keys to preserving customer relationships in the wake of a data breach

For any organization, the primary objective of a “crisis” is to get through the event with as little long-term impact as possible. This means all the elements of your company that were thriving beforehand should still be thriving afterwards. From this perspective, it’s not enough to get a system back up and running after a data breach, if you’ve damaged other parts of the business in the process – for example, your customers lose trust in you and take their business elsewhere.

Exploit kits: fall 2019 review

Despite a slim browser market share, Internet Explorer is still being exploited in fall 2019 in a number of drive-by download campaigns. Perhaps even more surprising, we’re seeing new exploit kits emerge.

Build trust with remote users to get qualitative feedback

Alex Gold is co-founder of Myia, an intelligent health platform employing novel biometric data to predict and prevent costly medical events. Previously, Alex was Venture Partner at BCG Digital Ventures and a co-founder of Traction, a marketplace of digital marketing experts.

Over the past decade, software developers and growth marketers have automated most qualitative user feedback and testing. And yet, what about testing with communities like patients or senior citizens who may be more challenging to reach?

Google and Samsung Fix Android Spying Flaw. Other Makers May Still Be Vulnerable

Until recently, weaknesses in Android camera apps from Google and Samsung made it possible for rogue apps to record video and audio and take images and then upload them to an attacker-controlled server, without any permissions to do so. Camera apps from other manufacturers may still be susceptible. From a report: The weakness, which was discovered by researchers from security firm Checkmarx, represented a potential privacy risk to high-value targets, such as those preyed upon by nation-sponsored spies. Google carefully designed its Android operating system to bar apps from accessing cameras and microphones without explicit permission from end users. An investigation published Tuesday showed it was trivial to bypass those restrictions. The investigation found that an app needed no permissions at all to cause the camera to shoot pictures and record video and audio. To upload the images and video, or any other image and video stored on the phone, to an attacker-controlled server, an app needed only permission to access storage, which is among the most commonly given usage rights.

The weakness, which is tracked as CVE-2019-2234, also allowed would-be attackers to track the physical location of the device, assuming GPS data was embedded into images or videos. Google closed the eavesdropping hole in its Pixel line of devices with a camera update that became available in July. Checkmarx said Samsung has also fixed the vulnerability, although it wasn’t clear when that happened. Checkmarx said Google has indicated that Android phones from other manufacturers may also be vulnerable. The specific makers and models haven’t been disclosed.

Ransomware Bites 400 Veterinary Hospitals

National Veterinary Associates (NVA), a California company that owns more than 700 animal care facilities around the globe, is still working to recover from a ransomware attack late last month that affected more than half of those properties, separating many veterinary practices from their patient records, payment systems and practice management software. NVA says it expects to have all facilities fully back up and running normally within the next week.