January 18, 2018

Configuration errors in Intel workstations being labeled a security hole

By Andy Patrizio

Security researchers at an antivirus company have documented another potentially serious security hole in an Intel product, this time in the mechanism for performing system updates. The good news, however, is that it is limited to desktops, is a configuration error, and does not appear to impact servers.

Read more at https://www.networkworld.com/article/3248584/security/configuration-errors-in-intel-workstations-being-labeled-a-security-hole.html

Yes, Hawaii emergency management stuck a password on a sticky note

By Lisa Vaas

A false alarm about a ballistic missile; a panic-stricken populace running for cover; the governor and the FCC chief dissing your agency’s lack of safeguards or process controls; and just to add a dash of ludicrous to the unsavory dish that is this week, a conspiracy theory about how these “accidental” missile alerts aren’t really accidents at all.

Wow. Could things possibly get any worse for the people over at the Hawaii Emergency Management Agency (HI-EMA)?

Why, yes! The worsitude comes in the flimsiest but all too familiar of forms: a yellow sticky note, spotted in an Associated Press photo from July, at the agency’s headquarters at Diamond Head, bearing a password and stuck to a computer screen. While there’s a press photographer in the room, obviously.

Richard Rapoza, a spokesman for HI-EMA, told Hawaii News Now that the password is authentic and was actually used for an “internal application.”

Read more at https://nakedsecurity.sophos.com/2018/01/18/yes-hawaii-emergency-management-stuck-a-password-on-a-sticky-note/

Hijackers DM @realDonaldTrump from former Fox News hosts’ accounts

By Lisa Vaas

The Twitter accounts of two former Fox News hosts were hijacked on Tuesday by somebody or somebodies who filled their feeds with propaganda supporting Turkey’s controversial president, Recep Tayyip Erdogan.

The accounts, which belong to Eric Bolling and Greta Van Susteren, were restored within a few hours, but not before alert Twitter users grabbed screen captures.

The Huffington Post translated one of the propaganda posts that was written in Turkish. It read:

You are hacked by the Turkish cyber army Ayyildiz Tim! We got your DM correspondence! We will show you the power of the Turk!

Another, written in English, from the hijacked Van Susteren account:

We love the Turks and Muslims in the world. We condemn those who persecute them, especially in the United States, and we share their suffering. We love Turkish soldiers, we love Erdogan, we love Turkey.

While they still had control of the accounts, the hackers also posted a screenshot of what appeared to be Bolling’s direct messages.

Read more at https://nakedsecurity.sophos.com/2018/01/18/hijackers-dm-realdonaldtrump-from-former-fox-news-hosts-accounts/

BlackWallet cryptocurrency site loses users’ money after DNS hijack

By John E Dunn

Another site in the booming cryptocurrency wallet sector has been hacked after what looks like a DNS hijacking attack.

The victim this time is BlackWallet, whose users reportedly lost 670,000 of a currency called Stellar Lumens (XLMs) worth around $425,000 at the point they were stolen on the afternoon of 13 January.

News that something was amiss first emerged in a Reddit posting claiming to be from the site’s admin:

BlackWallet was compromised today, after someone accessed my hosting provider account. I am sincerely sorry about this and hope that we will get the funds back.

A security researcher who took a look at blackwallet.co before it was taken down tweeted:

The DNS hijack of Blackwallet injected code, if you had over 20 Lumens it pushes them to a different wallet.

The stolen XLMs were reportedly siphoned off to the Bittrex cryptocurrency exchange, before (most likely) being laundered into another cryptocurrency.

Once they have control over any domain, attackers clearly have a lot of power to manipulate, monitor or redirect users logging in, but the deeper question always comes down to how they got this far.

Read more at https://nakedsecurity.sophos.com/2018/01/18/blackwallet-cryptocurrency-site-loses-users-money-after-dns-hijack/

SkyGoFree malware spies on your Android phone and your messages

By Paul Ducklin

Android threat-of-the-year so far in 2018, at least if you measure by media interest, is the curiously-named SkyGoFree malware.

(The name was apparently invented by researchers at Kaspersky, simply because they “found the word in one of the domains” used in one of the samples they looked at – the malware isn’t targeted at users of the telecommunications company Sky or its Sky Go TV product.)

In one word, SkyGoFree (or SkyFree as Sophos products detect it) is easily described: spyware.

A quick look in the decompiled Java code of the malware reveals the range of data it knows how to steal.

There’s loads more treacherous functionality in the malware, including a function called StartReverse() that connects your phone up to a server run by the crooks to give them what’s called a reverse shell.

Normally, to log in to a command prompt (known in Unix and Linux as a shell) you need to initiate a connection to a device, which means getting through any firewalls and network address translation that’s in the way.

Many mobile networks, and almost all Wi-Fi networks, let you make outbound connections to other people, but don’t let others connect inbound directly to you – you’re supposed to be a data consumer (client) on the network, not a data producer (server).

Hackers get around this with a reverse shell: a common intrusion trick that turns the logon process on its head.

Read more at https://nakedsecurity.sophos.com/2018/01/18/skygofree-malware-spies-on-your-android-phone-and-your-messages/
