Oracle Identity Manager Hacked through a Critical Flaw


Based in Redwood Shores, California, Oracle Corporation is the largest software company whose primary business is database products. Historically, Oracle has targeted high-end workstations and minicomputers as the server platforms for its database systems. Its relational database was the first commercially available database to support SQL, which has since become the industry standard.

A vulnerability was found in Oracle’s identity management product, Oracle Identity Manager. It has been assigned CVE-2017-10151 and the maximum CVSS score of 10.0; it is easy to exploit and requires no user interaction.

The CVE covers a default account that lets an unauthenticated attacker with network access compromise Oracle Identity Manager over HTTP.

The full details of this vulnerability have not yet been released by Oracle.

“This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials,” Oracle’s advisory reads.

The easily exploitable vulnerability affects Oracle Identity Manager versions 11.1.1.7, 11.1.1.9, 11.1.2.1.0, 11.1.2.2.0, 11.1.2.3.0 and 12.2.1.3.0.

Oracle has already released patches for all affected versions of the product. Administrators should apply the Oracle Identity Manager patch for their version before an attacker has the chance to exploit the vulnerability.

Justin Palmer

Sources:

https://thehackernews.com/2017/10/oracle-identity-manager.html

https://www.oracle.com/index.html



North Korea Hackers Accused of Stealing Secret Blueprints of South Korea’s Submarine Weapon Systems



North Korean hackers have allegedly broken into computer systems in South Korea and stolen classified documents containing blueprints for submarines and warships. According to South Korean politician Kyeong Dae-soo, they accessed systems at Daewoo Shipbuilding and stole around 40,000 documents, sixty of them “classified documents including blueprints and technical data for submarines and vessels equipped with Aegis weapon systems”.

The breach was discovered by the South Korean defense ministry, according to Kyeong Dae-soo of the main opposition Liberty Korea Party. “We are almost 100 percent certain that North Korean hackers were behind the hacking and stole the company’s sensitive documents,” Kyeong told Reuters. The team investigating the hack attributed it to North Korea after reportedly finding similarities with earlier attacks known to have been carried out by North Korean hackers.

North Korea is also believed to be building a brand new submarine that could launch nuclear missiles: US intelligence assesses that the country has begun construction of a new class of 2,000-ton submarine that Kim Jong-un could use to launch its nuclear missiles. Its existence has not been confirmed, but US intelligence is closely monitoring North Korea’s shipyards to work out what is happening.


Citations:

http://www.ibtimes.co.uk/north-korea-accused-hacking-stealing-secret-blueprints-south-korean-warships-submarines-1645245

http://www.mirror.co.uk/tech/north-korean-hackers-accused-stealing-11441008

http://www.businessinsider.com/north-korea-stole-submarines-technology-south-korea-2017-10

-Matthew Brown

“Faceliker” Facebook Trojan Making Comeback

“Faceliker” is malware that has been around for a few years, but in 2017 McAfee reported a surge in its use: Faceliker strains accounted for 8.9% of the new malware samples McAfee detected in Q2. Faceliker uses JavaScript to hijack the user’s clicks and turn them into Facebook likes. It is increasingly embedded in malicious Chrome extensions.

Why would someone want to hijack users’ clicks? Faceliker appears to be used to promote “fake news” (*cough* propaganda), and to push advertisements and games that are not popular but look popular because of the likes Faceliker accumulates. It can also promote fake company or user pages to make them seem real or reputable, which in turn can enable catfishing.

McAfee is not certain, but Faceliker appears to be used only to promote content by spoofing likes. Some Faceliker strains may also steal passwords or other sensitive data, but there is no clear-cut answer yet.

-Ryan Corrao

https://www.komando.com/happening-now/422202/watch-out-facebook-hijacking-malware-is-spreading

https://themerkle.com/faceliker-facebook-malware-makes-a-surprising-comeback/
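The Faceliker write-up above says the malware is increasingly delivered as a malicious Chrome extension. The Python script below is an added example, not code from the original post, McAfee or the cited articles: it triages a Chrome extension’s manifest.json for the shape such an extension takes, namely a content script injected into Facebook pages, into every frame, before the page’s own scripts, together with permissions that expose traffic and sessions. The two manifests, the extension names and the script file names are constructed for the example; the match-pattern syntax and permission names are Chrome’s, but which ones count as risky is this script’s own heuristic.

```python
import json
from fnmatch import fnmatch

# Permissions that let an extension read or tamper with traffic and sessions.
# The selection is a triage heuristic, not an official Chrome list.
RISKY_PERMISSIONS = {"tabs", "cookies", "webRequest", "webRequestBlocking",
                     "history", "<all_urls>"}


def targets_facebook(pattern):
    """True if a Chrome match pattern covers Facebook pages.

    Handles <all_urls> and wildcard hosts such as *://*/* or *://*.facebook.com/*.
    """
    if pattern == "<all_urls>":
        return True
    if "://" not in pattern:
        return False
    host = pattern.split("://", 1)[1].split("/", 1)[0]
    return fnmatch("www.facebook.com", host)


def triage_manifest(manifest_text):
    """Return a list of human-readable findings for a manifest.json string."""
    manifest = json.loads(manifest_text)
    findings = []
    for script in manifest.get("content_scripts", []):
        hits = [p for p in script.get("matches", []) if targets_facebook(p)]
        if not hits:
            continue
        findings.append(f"content script {script.get('js')} injected into Facebook pages via {hits}")
        if script.get("all_frames"):
            findings.append("content script also runs inside every iframe")
        if script.get("run_at") == "document_start":
            findings.append("content script runs before the page's own scripts")
    perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
    risky = sorted(perms & RISKY_PERMISSIONS)
    if risky:
        findings.append(f"permissions that expose traffic or sessions: {risky}")
    return findings


# Constructed manifests for the example; neither is a real extension.
BENIGN_MANIFEST = json.dumps({
    "manifest_version": 2, "name": "Dictionary Lookup", "version": "1.0",
    "permissions": ["storage"],
    "content_scripts": [{"matches": ["*://*.example.org/*"], "js": ["lookup.js"]}],
})

SUSPECT_MANIFEST = json.dumps({
    "manifest_version": 2, "name": "Video Downloader Pro", "version": "3.1",
    "permissions": ["storage", "tabs", "webRequest", "webRequestBlocking", "<all_urls>"],
    "content_scripts": [{
        "matches": ["*://*.facebook.com/*", "<all_urls>"],
        "js": ["fb.js"], "all_frames": True, "run_at": "document_start",
    }],
})


if __name__ == "__main__":
    for label, text in (("benign", BENIGN_MANIFEST), ("suspect", SUSPECT_MANIFEST)):
        print(label, triage_manifest(text) or ["nothing flagged"])
```

The script deliberately reports a list of reasons rather than a single score: an extension that legitimately integrates with Facebook will trip the first check, so the decision to pull it from an allow-list should rest on the combination of findings, not on any one of them.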

Hackers Exploit Microsoft Servers to Mine Cryptocurrency

Mining cryptocurrency has become extremely profitable. Bitcoin, one of the most popular currencies, is skyrocketing in value; at the time of writing one bitcoin is worth $4,297 US dollars. Cryptocurrencies are also increasingly used for illegal activity online because they are harder to trace than conventional payments and are rising in value so quickly.

Now to the recent attack on servers running Windows Server 2003. A vulnerability in Microsoft IIS 6.0, the web server bundled with Windows Server 2003 (CVE-2017-7269, a buffer overflow in its WebDAV component), was publicly disclosed in March 2017. Windows Server 2003 has been out of support since July 2015, although Microsoft did publish a fix for this flaw in June 2017. Attackers have since been scanning for servers that never received that patch, exploiting the flaw, and installing a miner that works for them.

In this campaign the attackers mined Monero. Monero is designed to hide the sender, recipient and amount of each transaction, which makes it far harder to trace than Bitcoin. Attackers also prefer it because its proof-of-work algorithm, CryptoNight, is built to run on ordinary CPUs and GPUs, so unlike Bitcoin it needs no specialised mining hardware. Monero is worth much less than Bitcoin (about $90 per coin at the time of writing) but, like all cryptocurrencies, its price fluctuates constantly. This campaign earned its operators over $63,000 worth of Monero in three months.

Plenty of other malware turns compromised servers into miners. Adylkuzz uses EternalBlue, the exploit developed by the NSA, leaked by the Shadow Brokers and later used in the WannaCry ransomware attack. BondNet is another botnet that mines Monero.


– Levi Walker


Sources:

https://thehackernews.com/2017/09/windows-monero-miners.html

https://en.bitcoin.it/wiki/CryptoNight

https://coinmarketcap.com/currencies/monero/
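An infected server has to talk to a mining pool to fetch work and submit shares, and the usual protocol for that, Stratum, is JSON-RPC in plain text. The Python script below is an added example, not code from the original post, ESET or The Hacker News: it classifies outbound flow records from a web server by looking for a Stratum handshake (a `login` from an XMRig-style miner, a wallet-shaped login field, a miner user agent) and, as a weaker signal, a typical pool port. The flow records, host names and wallet placeholder are constructed for the example; the method names and ports come from the Stratum protocol and common pool configurations, and the record format is an assumption rather than any particular sensor’s output.

```python
import json

# Stratum JSON-RPC method names. XMRig-style CryptoNight miners use
# "login"/"submit"/"keepalived"; Bitcoin-style pools use the "mining.*" family.
STRATUM_METHODS = {"login", "submit", "keepalived",
                   "mining.subscribe", "mining.authorize", "mining.submit"}

# Ports that public mining pools commonly listen on. On its own this is a
# weak signal, since plenty of legitimate services use these ports too.
POOL_PORTS = {3333, 4444, 5555, 7777, 8888, 14444}


def looks_like_monero_address(value):
    """Standard Monero addresses are 95 base58 characters starting with '4'."""
    return (isinstance(value, str) and len(value) == 95
            and value[0] == "4" and value.isalnum())


def classify_flow(flow):
    """Return (verdict, reasons) for one outbound flow record.

    `flow` is a dict with 'src_host', 'dst_port' and 'payload' (the first
    bytes the client sent, decoded as text). Verdicts: 'mining' when a
    Stratum handshake is visible, 'suspicious' when only the port matches,
    otherwise 'benign'.
    """
    reasons = []
    try:
        msg = json.loads(flow.get("payload", ""))
    except ValueError:          # not JSON: TLS, HTTP, binary, ...
        msg = None

    if isinstance(msg, dict):
        method = msg.get("method")
        if method in STRATUM_METHODS:
            reasons.append(f"stratum method {method!r}")
        params = msg.get("params")
        if isinstance(params, dict):
            if looks_like_monero_address(params.get("login")):
                reasons.append("login field is a Monero wallet address")
            agent = str(params.get("agent", "")).lower()
            if any(tag in agent for tag in ("xmrig", "cpuminer", "xmr-stak")):
                reasons.append(f"miner user agent {params.get('agent')!r}")

    port_hit = flow.get("dst_port") in POOL_PORTS
    if port_hit:
        reasons.append(f"mining pool port {flow['dst_port']}")

    # Anything beyond the port alone is a protocol-level indicator.
    if len(reasons) > (1 if port_hit else 0):
        return "mining", reasons
    if port_hit:
        return "suspicious", reasons
    return "benign", reasons


def scan(flows):
    """Map each source host to its worst verdict across all of its flows."""
    rank = {"benign": 0, "suspicious": 1, "mining": 2}
    worst = {}
    for flow in flows:
        verdict, _ = classify_flow(flow)
        host = flow["src_host"]
        if rank[verdict] >= rank[worst.get(host, "benign")]:
            worst[host] = verdict
    return worst


# Constructed sample data: placeholder wallet (not a real address) and four
# flows as a sensor might summarise them.
WALLET = "4" + "A" * 94

SAMPLE_FLOWS = [
    {"src_host": "web-2003-01", "dst_port": 3333,
     "payload": json.dumps({"id": 1, "jsonrpc": "2.0", "method": "login",
                            "params": {"login": WALLET, "pass": "x",
                                       "agent": "XMRig/2.4.2"}})},
    {"src_host": "web-2003-02", "dst_port": 443,
     "payload": "\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"},   # TLS ClientHello
    {"src_host": "app-01", "dst_port": 8080,
     "payload": '{"jsonrpc":"2.0","id":7,"method":"getStatus","params":[]}'},
    {"src_host": "web-2003-03", "dst_port": 5555,
     "payload": "\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"},   # TLS to a pool port
]


if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        verdict, reasons = classify_flow(flow)
        print(f"{flow['src_host']:12} -> {verdict:10} {'; '.join(reasons)}")
```

The third record shows why the method name matters: ordinary JSON-RPC traffic on an unremarkable port stays benign, while the fourth record shows the limit of port-only matching, which can only raise a host to “suspicious” for someone to look at. Miners that connect to pools over TLS will look exactly like the fourth record, so on such hosts the complementary signal is sustained CPU load from an unfamiliar process.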


Major Accounting Firm Deloitte Hit by Extensive Cybersecurity Data Breach

Like Equifax, Deloitte, a firm with $37B in annual revenue, suffered an extensive cybersecurity breach in which a great deal of data was compromised. And, as with Equifax, the breach went unreported for months: Deloitte kept it secret internally, informing only “a handful” of senior partners and lawyers, as well as six clients. The company is one of the world’s Big Four accounting firms; it works with large banks, global firms and government agencies, among others, and provides tax and auditing services, operations consulting, merger and acquisition assistance and, ironically, cybersecurity advice.

The hackers accessed confidential emails and sensitive attachments, and may have obtained usernames, passwords, IP addresses, business information and workers’ health records. The Guardian reported that six Deloitte clients had been told the hack affected their data. Deloitte has yet to establish whether a lone attacker, business rivals or state-sponsored hackers were responsible.

The breach apparently stemmed from an administrator account that was protected by a single password, with no multi-factor authentication. The attack was discovered in March 2017, but the attackers may have had access as early as October 2016. Deloitte’s email was hosted in Microsoft Azure; some 5 million emails were said to be stored in the cloud when it was compromised. A compromised email store is full of sensitive information an attacker can exploit, including for spear-phishing. However, Deloitte told The Guardian that only a fraction of the emails were actually at risk. Its internal review is still ongoing.

-Matthew Brown

Sources:

https://www.engadget.com/2017/09/25/deloitte-reports-extensive-cybersecurity-breach/

http://www.bbc.com/news/technology-41385951

http://www.techrepublic.com/article/deloitte-hacked-cybersecurity-attack-compromises-client-emails-and-plans/

https://boingboing.net/2017/09/25/uh-oh.html