New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two

An anonymous reader writes: Researchers have detected a new worm that is spreading via SMB, but unlike the worm component of the WannaCry ransomware, this one is using seven NSA tools instead of two. Named EternalRocks, the worm seems to be in a phase where it is infecting victims and building its botnet, but not delivering any malware payload. EternalRocks is far more complex than WannaCry’s SMB worm. For starters, it uses a delayed installation process that waits 24 hours before completing the install, as a way to evade sandbox environments. Further, the worm also uses the exact same filenames as WannaCry in an attempt to fool researchers about its true origin, a reason why the worm has evaded researchers almost all week, despite the attention WannaCry payloads have received. Last but not least, the worm does not have a killswitch domain, which means the worm can’t be stopped unless its author so desires. Because of the way it was designed, it is trivial for the worm’s owner to deliver any type of malware to any of the infected computers. Unfortunately, because of the way the author used the DOUBLEPULSAR implant, one of the seven NSA hacking tools, other attackers can hijack its botnet and deliver their own malware as well. IOCs are available in a GitHub repo. Ars Technica quotes security researchers who say “there are at least three different groups that have been leveraging the NSA exploit to infect enterprise networks since late April… These attacks demonstrate that many endpoints may still be compromised despite having installed the latest security patch.”

Read more of this story at Slashdot.


Slashdot

‘New Way of Stealing Cars’: Hacking Them With A Laptop

retroworks writes: The Wall Street Journal (Warning: source may be paywalled), CBS and Marketwatch all lead the morning with stories about the newest method of stealing (late model) cars. No need for hacking off the ignition switch and touching the wires to create a spark (controversial when depicted in 1970s television crime shows, which were criticized for “teaching people to steal cars”). Thieves now use a laptop to access the automobile’s computer system, and voila. “Police and car insurers say thieves are using laptop computers to hack into late-model cars’ electronic ignitions to steal the vehicles, raising alarms about the auto industry’s greater use of computer controls. The discovery follows a recent incident in Houston in which a pair of car thieves were caught on camera using a laptop to start a 2010 Jeep Wrangler and steal it from the owner’s driveway. Police say the same method may have been used in the theft of four other late-model Wranglers and Cherokees in the city. None of the vehicles have been recovered.” The article concludes with the filmed example of a break-in in Houston. The thief, says the NICB’s Mr. Morris, likely used the laptop to manipulate the car’s computer to recognize a signal sent from an electronic key the thief then used to turn on the ignition. The computer reads the signal and allows the key to turn. “We have no idea how many cars have been broken into using this method,” Mr. Morris said. “We think it is minuscule in the overall car thefts but it does show these hackers will do anything to stay one step ahead.” No details on modifying the program to run on Android or iPhone — there’s not yet “an app for that.”

Man Arrested For Hacking 130 Celebrities

An anonymous reader writes: A man was arrested after trying to sell Hollywood movie scripts and social security numbers to an undercover DHS agent. The hacker known online as Jeff Moxey managed to hack the computers of 130 celebrities, from which he stole, besides scripts, nude pics and sexually-explicit videos. “The scope of the crime here is potentially quite large,” Assistant U.S. Attorney Kristy Greenberg said, adding that the investigation began a few weeks ago.

HIV Dating Company Accuses Researchers of Hacking Database

itwbennett writes: Slashdot readers will recall the story posted last week about the misconfiguration of the MongoDB database that powers Hzone, a dating app for the HIV-positive, and the ensuing threat of HIV infection the company hurled at DataBreaches.net, which sent the notification. (Hzone later apologized.) But that’s not the end of the story. Among other twists and turns that point to a CEO who was in way over his head, in several emails to Dissent, the admin of DataBreaches.net, Hzone CEO Justin Robert accused Dissent of changing the Hzone user database. But follow-up emails suggest that the company couldn’t tell what was accessed or when, as Robert says Hzone doesn’t have ‘a strong tech team to maintain the site.’
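As an added illustration, not taken from the Slashdot post and not Hzone’s actual configuration, here is the kind of mongod.conf that leaves a database reachable by anyone who finds it, beside a hardened version. The post does not say exactly how Hzone’s instance was misconfigured; the assumption made here is the common case of a server bound to all interfaces with authentication switched off. The IP address, certificate path and port are placeholders.

```yaml
# Weak configuration (assumed, for illustration only).
# mongod listens on every interface and treats any client that connects
# as a fully privileged user, so the data set can be read, altered or
# deleted by anyone on the internet who scans for port 27017.
net:
  port: 27017
  bindIp: 0.0.0.0            # reachable from the public internet
security:
  authorization: disabled    # no credentials required, no role checks

---
# Hardened configuration.
# Only the loopback interface and the application server's private
# address (10.0.0.5 is a placeholder) can reach the listener, connections
# must be encrypted, and every client must authenticate and is confined
# to the roles granted to its user.
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5
  tls:
    mode: requireTLS                          # refuse plaintext clients
    certificateKeyFile: /etc/ssl/mongodb.pem  # placeholder path
security:
  authorization: enabled
```

After enabling authorization, create the first administrative user over the localhost exception, then give the application its own user with only the readWrite role on its own database rather than an admin account. Verify the change from a host outside the network: the port should be unreachable or reject unauthenticated connections. Note that neither configuration records what was read; answering “what was accessed and when”, which the post says Hzone could not do, needs MongoDB’s audit logging (an Enterprise feature) or connection logging at the network layer.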

Despite Reports of Hacking, Baby Monitors Remain Woefully Insecure

itwbennett writes: Researchers from security firm Rapid7 have found serious vulnerabilities in nine video baby monitors from various manufacturers. Among them: Hidden and hard-coded credentials providing local and remote access over services like SSH or Telnet; unencrypted video streams sent to the user’s mobile phone; unencrypted Web and mobile application functions and unprotected API keys and credentials; and other vulnerabilities that could allow attackers to abuse the devices, according to a white paper released Tuesday. Rapid7 reported the issues it found to the affected manufacturers and to US-CERT back in July, but many vulnerabilities remain unpatched.

Symantec: Hacking Group Black Vine Behind Anthem Breach

itwbennett writes: Symantec said in a report that the hacking group Black Vine, which has been active since 2012 and has gone after other businesses that deal with sensitive and critical data, including organizations in the aerospace, technology and finance industries, is behind the hack against Anthem. The Black Vine malware Mivast was used in the Anthem breach, according to Symantec.

Tools Coming To Def Con For Hacking RFID Access Doors

jfruh writes: Next month’s Def Con security conference will feature, among other things, new tools that will help you hack into the RFID readers that secure doors in most office buildings. RFID cards have been built with more safeguards against cloning; these new tools will bypass that protection by simply hacking the readers themselves. ITWorld reports that Francis Brown, a partner at the computer security firm Bishop Fox, says: “…his aim is to make it easier for penetration testers to show how easy it is to clone employee badges, break into buildings and plant network backdoors—without needing an electrical engineering degree to decode the vagaries of near-field communication (NFC) and RFID systems.”

Hacking a ‘Smart’ Sniper Rifle

An anonymous reader writes: It was inevitable: as soon as we heard about computer-aimed rifles, we knew somebody would find a way to compromise their security. At the upcoming Black Hat security conference, researchers Runa Sandvik and Michael Auger will present their techniques for doing just that. “Their tricks can change variables in the scope’s calculations that make the rifle inexplicably miss its target, permanently disable the scope’s computer, or even prevent the gun from firing.” In one demonstration they were able to tweak the rifle’s ballistic calculations by making it think a piece of ammunition weighed 72 lbs instead of 0.4 ounces. After changing this value, the gun tried to automatically adjust for the weight, and shot significantly to the left. Fortunately, they couldn’t find a way to make the gun fire without physically pulling the trigger.
