Virus screener goes down, Intel patches more chips, Pegasus government spying code spreads across globe

Plus: Gov pay sites take a dive, and more


Roundup When we weren't dealing with malware-bricked breweries, poorly wiped servers or litigious vendors, we had a number of other security headaches to keep us busy.

Here are a few of them.

Gov pay sites pilfered

Government pay portals were in the crosshairs of cybercriminals this week.

First, there was GovPayNow, which got the dreaded Brian Krebs treatment. The internet security sleuth reported that GovPayNow.com had been relieved by hackers of some 14m records.

These include payment receipts for government fees and fines as well as payment records for individual citizens. The site claims it has no record of any criminal activity being reported with the exposed data.

Meanwhile, FireEye claims that it has spotted a malware threat at Click2Gov, another site tasked with collecting fees for city and county governments in the US.

According to FireEye, a number of Click2Gov servers were compromised using one of three Oracle WebLogic vulnerabilities; the attackers then used debugging tools and data-mining malware to lift the payment card data of customers.

Perhaps most puzzling, FireEye says it doesn't know who might actually be behind the sophisticated operation.

"The attacker’s understanding of the Click2Gov host requirements, process logging details, payment card fields, and internal communications protocols demonstrates an advanced knowledge of the Click2Gov application," the firm said.

"Given the manner in which underground forums and marketplaces function, it is possible that tool development could have been contracted to third parties and remote access to compromised systems could have been achieved by one entity and sold to another."

Bondage for Bondars

A Latvian man who helped malware writers operate undetected will be spending the next decade and a half looking at the inside of a prison cell.

Ruslan Bondars was sentenced this week to 14 years in prison for his role in operating Scan4You, a testing service that allowed cybercriminals to run their code by a number of popular antivirus engines to make sure their malware would be able to go undetected.

Among the most notorious of Scan4You's patrons were the creators of the Citadel malware and the perpetrators of the massive Target data theft.

Earlier this year, Bondars was found guilty of computer intrusion, conspiracy to commit wire fraud and conspiracy to violate the Computer Fraud and Abuse Act (CFAA).

Intel pops out fresh round of microcode patches

Relax, this isn't for any new Spectre or Meltdown variants. Rather, this is an expansion of the ongoing Intel campaign to kick out firmware updates to motherboards that were vulnerable to Spectre v3 and Spectre v4, more accurately known as CVE-2018-3639 and CVE-2018-3640.

Intel released the first crop of these updates earlier this year, and with this week's release Chipzilla is expanding that fix to additional processors. For most machines, the updates will be distributed to OS and/or motherboard vendors, who will then push them out to end users.

For some Linux builds (such as Debian) the microcode update can also be downloaded and updated manually.

NPR puts a number on ES&S remote access boxes

Earlier this year, voting machine maker ES&S admitted that for a period of time some of the management units it offered to local government election boards had contained remote access tools from PCAnywhere.

At the time, ES&S downplayed the severity of the issue, claiming that only a 'limited' subset of the units it sold between 2000 and 2007 contained the software. According to NPR, a whopping 300 jurisdictions in fact had units that were shipped with the potentially vulnerable PCAnywhere.

It should be noted: the PCAnywhere software was only intended to be used for customer support, and it was never installed on any of the voting machines themselves (these were separate management and configuration systems), so there's no reason to think the election outcomes were ever vulnerable. Still, not a great look for a company already under fire for its security policies.

Pegasus malware officially a global brand

NSO Group's Pegasus surveillanceware has been on the market for around two years, and now researchers say the spyware has a global reach that would make most multinational corporations jealous.

CitizenLab reports that its latest analysis of the malware has found it operating in some 45 countries, usually in the hands of governments looking to keep tabs on their citizens.

As you might imagine, this isn't sitting well with privacy and human rights groups, who note that many of those customers paying NSO top dollar have less than sparkling reputations.

"Pegasus also appears to be in use by countries with dubious human rights records and histories of abusive behaviour by state security services," CitizenLab notes.

"In addition, we have found indications of possible political themes within targeting materials in several countries, casting doubt on whether the technology is being used as part of 'legitimate' criminal investigations." ®