Microsoft identifies second hacking group affecting SolarWinds software

Microsoft revealed that a second hacking group had deployed malicious code that affects software made by SolarWinds, the federal contractor at the center of a suspected Russian espionage campaign against multiple U.S. government agencies. “[T]he investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor,” a Microsoft research team said in a blog post on Friday. The discovery underscores the extent to which Texas-based SolarWinds, whose software is used throughout Fortune 500 companies, is a valuable target for hackers. The newly revealed malware, known to researchers as Supernova, differs from the alleged Russian tampering because it does not appear to involve a compromise of the supply chain, Microsoft said. The Supernova code does, however, allow an attacker to send and execute […]

The post Microsoft identifies second hacking group affecting SolarWinds software appeared first on CyberScoop.


Well-developed backdoor can harvest information from restaurants, bars and hotels, researchers say

Restaurants, bars and hotels are taking a big hit from the coronavirus pandemic, but they still can be inviting targets for cybercriminals. A point-of-sale system widely used in the hospitality industry to process credit card payments and other transactions — ORACLE MICROS Restaurant Enterprise Series (RES) 3700 — is vulnerable to a backdoor that allows attackers to see some of the information in the system’s databases, according to researchers at Slovakia-based cybersecurity company ESET. The researchers stress that highly sensitive pieces of information — such as credit card numbers and expiration dates — do not appear to be vulnerable to the malware, which they’re calling ModPipe. The malicious software, for now, harvests only “data stored in the clear,” ESET says, including cardholder names. But ModPipe potentially could be the conduit for more harmful malware, given that it is modular — meaning that it’s designed for attackers to swap features in and out. […]

The post Well-developed backdoor can harvest information from restaurants, bars and hotels, researchers say appeared first on CyberScoop.


The NSA is Refusing to Disclose its Policy on Backdooring Commercial Products

Senator Ron Wyden asked, and the NSA didn’t answer:

The NSA has long sought agreements with technology companies under which they would build special access for the spy agency into their products, according to disclosures by former NSA contractor Edwa…

Chinese banks require clients to use tax programs laced with backdoors, report says

When a Chinese bank asked a new client to use a specific kind of tax software as a condition of doing business, the company didn’t know that the tax technology came with a backdoor that would give hackers a new way in, according to research from Trustwave. The Chinese bank had told the U.K.-based defense contractor that the Chinese government required firms to use that specific software tool to pay local taxes. However, findings published Tuesday by the security vendor Trustwave spotlight how the tax software’s developer has relied on a number of subcontractors to build software flaws into other software tools for years. The programs are required to be used through the Chinese government’s Chinese Golden Tax Project, a tax system launched in the 1990s meant to streamline tax administration, according to Trustwave. The security company did not identify the Chinese bank or the U.K.-based defense contractor. The revelation that Beijing mandates […]

The post Chinese banks require clients to use tax programs laced with backdoors, report says appeared first on CyberScoop.


Notorious Hacker ‘Fxmsp’ Outed After Widespread Access-Dealing

The Kazakh native made headlines last year for hacking McAfee, Symantec and Trend Micro; but the Feds say he’s also behind a widespread backdoor operation spanning six continents.

Encryption: Politicians Try to Outlaw Math (Again)

As we all know by now, it’s impossible to meet the irreconcilable aims of data security and government backdoors.
The post Encryption: Politicians Try to Outlaw Math (Again) appeared first on Security Boulevard.

Zoom’s Commitment to User Security Depends on Whether you Pay It or Not

Zoom was doing so well…. And now we have this: Corporate clients will get access to Zoom’s end-to-end encryption service now being developed, but Yuan said free users won’t enjoy that level of privacy, which makes it impossible for third parties to decipher communications. "Free users for sure we don’t want to give that because we also want to work…
