Ready to Start Your Career?
September 1, 2017
UNM4SK3D: CIA, Instagram, and St. Jude
September 1, 2017
#wikileaksWikileaks is in the news for more reasons than 1 this week. As expected, they've added another hacking tool to the growing list of Vault 7 leaks. The latest, 'AngelFire' is a Windows hacking tool used to gain persistent remote access. But, prior to that leak, Wikileaks was hacked themselves by none other than the infamous group 'OurMine.'You may recall OurMine from last week's UNM4SK3D in which Sony PlayStation was targeted. The Saudi hacking group, known for targeting high-profile figures and companies' social media accounts, including Facebook CEO Mark Zuckerberg and HBO, have not rested on their mission to bring attention to the security holes in targets systems or accounts. Escalating from their traditional message posting, this one more aggressive than previous, the group called out Anonymous and Wikileaks directly. While there was no indication WikiLeaks servers had been compromised, their website was redirected to a hacker-controlled server using DNS poisoning attack. In this type of attack, an attacker gets control of the DNS server and changes a value of name-servers in order to divert Internet traffic to a malicious IP address. Site administrators quickly regained access to their DNS server, returning the WikiLeaks website back online with its legitimate servers, allowing them to later post 'AngelFire.'The 'AngelFire' framework "implants a persistent backdoor on the target Windows computers by modifying their partition boot sector." It consists of 5 components: Solartime, Wolfcreek, Keystone, BadMFS, and Windows Transitory File system. According to Wikileaks, administrative rights are needed on the target computer in order to install and utilize the tool. The guide also indicates the 32-bit version of the implant works against Windows XP and Windows 7, while the 64-bit implant can target Server 2008 R2 and Windows 7. It also states that loading additional implants create memory leaks that can be possibly detected on infected machines.
Hi it's OurMine (Security Group), don't worry we are just testing your.... blablablabla, Oh wait, Wikileaks, remember when you challenged us to hack you? Anonymous, remember when you tried to dox us with fake information for attacking Wikileaks? There we go! Our group beat you all!#WikiealksHack let's get it trending on twitter! -OurMine postWant the scoop of Wikileaks and OurMine? Catch up with last week's 'UNM4SK3D.'
#hackedNo matter what filter or lighting you use, this is a bad look for Instagram, who suffered a data breach in which hackers gained access to phone number and email addresses for many 'high-profile' users.It appears the flaw resides in Instagram's application programming interface (API), which the service uses to communicate with other apps. The specific flaw was not revealed by 'the gram' although they continued to assure users that the bug has been patched and that their security team is investigating the incident further. Instagram also declined to provide which accounts had been affected by the breach, however many have speculated the recent hack of Selena Gomez's account with over 125 million followers was related. Two days prior to this disclosure, an unknown hacker hijacked most her account, posting ex-boyfriend Justin Bieber's nude photographs. Her account has also since been recovered.Despite the Instagram hackers not having access to passwords, this breach is still especially dangerous. The Hacker News says, "With email addresses and phone numbers in their hands, the hackers next step could be used the information in tandem with social engineering techniques in an effort to gain access to verified users' Instagram accounts to embarrass them." All verified users were given notice via email and were encouraged to be cautious if they receive suspicious or unrecognized phone calls, text messages, or emails. All users are highly recommended to enable two-factor authentication for their accounts and use password best practices.
We recently discovered that one or more individuals obtained unlawful access to a number of high-profile Instagram users' contact information—specifically email address and phone number—by exploiting a bug in an Instagram API. -InstagramAre you a Facebook, Instagram, or Snapchat user? Find out how cyber criminals are able to hack your account in this detailed post from Heimdal Security.
#iotAt last, the firmware update mandated by the FDA to address security vulnerabilities in radio frequency (RF)-enabled St. Jude Medical (now Abbott) implantable pacemakers is now available to patients. The initial report, filed by MedSec and Muddy Waters, claimed that attackers could, among other things, crash implantable cardiac devices and drain their battery at a fast rate. Shortly after the FDA began investigating this claim, they released formal guidance on "the postmarket management of cybersecurity for medical devices, while St. Jude Medical pushed a security update to resolve some of the flaws in January 2017." Released on August 23rd, the new software will reduce the risk of patient harm due to potential exploitation of cyber security vulnerabilities. In order to get this update, however, patients must visit their healthcare provider for the operation.Specifically, for those who may be affected, the firmware releases are meant to mitigate issues with Accent/Anthem, Version F0B.0E.7E; Accent MRI/Accent ST, Version F10.08.6C; Assurity/Allure, Version F14.07.80; and Assurity MRI, Version F17.01.49. At this time, the pacemaker company has said it is unaware of any security incidents related to, nor any attacks explicitly targeting, its devices and pacemaker manufactured from August 28th, 2017 on will have this update pre-loaded in the device.
The FDA recommends that patients and their health care providers discuss the risks and benefits of the cyber security vulnerabilities and the associated firmware update designed to address such vulnerabilities at their next regularly scheduled visit. -The FDALook back on the initial happenings with St. Jude in this previous edition of 'UNM4SK3D.'