Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 185

NSA: Russia’s Sandworm Hackers Have Hijacked Mail Servers

A warning that hackers are exploiting vulnerable email servers doesn’t qualify as an unusual event in general. But when that warning comes from the National Security Agency, and the hackers are some of the most dangerous state-sponsored agents in the world, run-of-the-mill email server hacking becomes significantly more alarming.

On Thursday, the NSA issued an advisory that the Russian hacker group known as Sandworm, a unit of the GRU military intelligence agency, has been actively exploiting a known vulnerability in Exim, a commonly used mail transfer agent—an alternative to bigger players like Exchange and Sendmail—running on email servers around the world. The agency warns that Sandworm has been exploiting vulnerable Exim mail servers since at least August 2019, using the hacked servers as an initial infection point on target systems and likely pivoting to other parts of the victim’s network. And while the NSA hasn’t said who those targets have been, or how many there are, Sandworm’s history as one of the most aggressive and destructive hacking organizations in the world makes any new activity from the group worth noting.

“We still consider this to be one of the most, if not the most aggressive and potentially dangerous actor that we track,” says John Hultquist, the director of intelligence at FireEye, who also led a team at iSight Partners when that company first discovered and named Sandworm in 2014.

NSA warns of new Sandworm attacks on email servers

The US National Security Agency (NSA) has published today a security alert warning of a new wave of cyberattacks against email servers, attacks conducted by one of Russia’s most advanced cyber-espionage units.

The NSA says that members of Unit 74455 of the GRU Main Center for Special Technologies (GTsST), a division of the Russian military intelligence service, have been attacking email servers running the Exim mail transfer agent (MTA).

Also known as “Sandworm,” this group has been hacking Exim servers since August 2019 by exploiting a critical vulnerability tracked as CVE-2019–10149, the NSA said in a security alert [PDF] shared today with ZDNet.

Microsoft warns about attacks with the PonyFinal ransomware

Microsoft’s security team has issued an advisory today warning organizations around the globe to deploy protections against a new strain of ransomware that has been in the wild over the past two months.

“PonyFinal is a Java-based ransomware that is deployed in human-operated ransomware attacks,” Microsoft said in a series of tweets published today.

Human-operated ransomware is a subsection of the ransomware category. In human-operated ransomware attacks, hackers breach corporate networks and deploy the ransomware themselves.

Making History: NASA and SpaceX Launch Astronauts to Space! (#LaunchAmerica Attempt May 27, 2020)

Recorded May 27, 2020: Watch history unfold on Wednesday, May 27, as NASA and SpaceX launch astronauts Robert Behnken and Douglas Hurley to the International Space Station. This mission marks the first time since the retirement of the space shuttle in 2011 that humans will fly to the space station from U.S. soil.

Tune in starting at 12:15 p.m. EDT as NASA and SpaceX provide joint, live coverage from launch to arrival at the space station. Teams are targeting 4:33 p.m. EDT for the launch of the SpaceX Crew Dragon spacecraft atop a Falcon 9 rocket from historic Launch Complex 39A at NASA’s Kennedy Space Center in Florida. The Crew Dragon is scheduled to dock to the space station at 11:29 a.m. Thursday, May 28.

Learn more about the mission: https://www.nasa.gov/launchamerica/

Chats are moderated. Inappropriate language or posts that harass other individuals will be removed.

• Be courteous
• Use respectful language
• Protect your private information
• No spam, sexually explicit or discriminatory material
• Stay on topic.

Hackers release a new jailbreak that unlocks every iPhone

A renowned iPhone hacking team has released a new “jailbreak” tool that unlocks every iPhone, even the most recent models running the latest iOS 13.5.

For as long as Apple has kept up its “walled garden” approach to iPhones by only allowing apps and customizations that it approves, hackers have tried to break free from what they call the “jail,” hence the name “jailbreak.” Hackers do this by finding a previously undisclosed vulnerability in iOS that break through some of the many restrictions that Apple puts in place to prevent access to the underlying software. Apple says it does this for security. But jailbreakers say breaking through those restrictions allows them to customize their iPhones more than they would otherwise, in a way that most Android users are already accustomed to.

The jailbreak, released by the unc0ver team, supports all iPhones that run iOS 11 and above, including up to iOS 13.5, which Apple released this week.