Google logins make JavaScript mandatory, Huawei China spy shock, Mac malware, Iran gets new Stuxnet, and more

Plus, SystemD gets system de-bugged, again


Roundup This week there were Hacked Home Hubs, buggered BBC Bits, and PortSmash privilege punch-ups.

But that wasn't all that happened – here's a weekend roundup just for you.

Huawei helped China with hacks, says Australia

So it turns out all those governments weren't just being paranoid when they barred Huawei from working on networks.

A report from The Australian (paywalled) cites a Down Under government source in reporting that on at least one occasion Huawei was pressed by the Chinese government to provide access to a foreign network.

The article does not give details on who was targeted or when, but claims that China asked Huawei to provide it with log-in credentials for networking equipment the company had sold to someone in another country.

If true, this would validate the worst fears of governments around the world: that Chinese telcos and manufacturers are in fact subject to the whims of Beijing and could help their home country infiltrate the networks of customers, including government agencies and contractors, in other countries.

Raunchy worker gets blame for government malware mess

A horny (dare we say rock-hard) employee at the US Geological Survey ended up getting more than an eyeful after an adult site dropped malware on the government agency's network.

A US government report last month [PDF] traced a Russian malware outbreak on the USGS network to an infection spawned from a single workstation that had cruised through some 9,000 porn sites.

The inspector general (IG) behind the report believes that the worker had downloaded videos from the site that included the malware payload, and once running on the workstation the infection was able to spread throughout the network.

You will not be shocked to learn that said employee no longer works at the agency.

The D in SystemD stands for "Do we really have to do this again?"

Last week alarms were sounded over a serious vulnerability in SystemD. Just days later, we got wind of two more, slightly less serious vulnerabilities also present in the Linux management tool.

IBM's X-Force says that CVE-2018-15687 is a security bypass bug that lets an attacker exploit a race condition which, when won, allows file permissions to be overwritten.

Meanwhile, CVE-2018-15686 is a privilege escalation bug that would potentially allow an attacker with local access to elevate into root privilege by sending a specially-crafted request to the NotifyAccess component.

While neither is as serious as the remote code bug disclosed last week, admins would be well advised to make sure they are running the latest version of SystemD, in which both bugs are patched.

Bigger, badder, destructive-ier: it's Stuxnet II, Iranian Boogaloo

The Stuxnet attack will go down as one of the most complex and destructive malware operations ever.

But if a report out of Israel is to be believed, there's a bigger, badder sequel in the works.

The Times of Israel claims that critical infrastructure in Iran, including essential networks, is already being menaced by a purpose-built malware that is "more violent, more advanced and more sophisticated virus than before, that has hit infrastructure and strategic networks."

The report does not say what exactly the malware does, or how it plans on wreaking havoc in Iran. As you might imagine, the Israeli government doesn't have much to say about the subject.

But, considering that Stuxnet was able to physically destroy Iran's uranium centrifuges, used to make enriched nuclear fuel, the promise of a nastier, more destructive follow-up is definitely something worth paying attention to.

Google says everyone has to run JavaScript now

Don't like JavaScript? Tough. A recent set of security updates to the Google login page now requires JavaScript to be enabled in the browser in order to work. No JavaScript, no sign-in.

Apparently, Google is using an assessment tool that will check for suspicious behavior when the user logs in. Part of that tool requires JavaScript, hence the requirement that you have it enabled.

The Chocolate Factory doesn't seem too worried about a user revolt, as it says nearly everyone already runs JavaScript.

"Chances are, JavaScript is already enabled in your browser; it helps power lots of the websites people use every day. But, because it may save bandwidth or help pages load more quickly, a tiny minority of our users (0.1%) choose to keep it off," Google offers.

"This might make sense if you are reading static content, but we recommend that you keep JavaScript on while signing into your Google Account so we can better protect you."

Crapto crypto Mac app carries covert back doors

If you're a Mac user invested in crypto-currencies, you'll want to keep a close eye on the apps you're using to track your investments.

Researchers at Malwarebytes say a currency-tracking tool called CoinTicker activates a pair of back doors when it is installed on an unsuspecting user's machine.

"Although this functionality seems to be legitimate, the app is actually up to no good in the background, unbeknownst to the user," Malwarebytes says.

"Without any signs of trouble, such as requests for authentication to root, there’s nothing to suggest to the user that anything is wrong."

Meanwhile, the app is installing a copy of the EggShell server as well as a script to link up the infected machine with a command server. As you might have guessed, the likely aim here is to harvest coin wallets en masse.

Accused Russian agent may have run cyber recon on targets

Back in September, Russia's Maria Butina was charged with acting as an unregistered foreign agent, allegedly after years of working on behalf of the Kremlin to sway influential US politicians and lobbying groups.

If a new report from the Associated Press is to be believed, Butina also did a bit of infosec research in her time in the US. The AP claims that Butina, while a graduate student at American University, cased out the cyberdefenses of several US nonprofit organizations.

The report notes that the assignment wouldn't have drawn much attention at the time, but after Butina was arrested and charged, the operation was seen in an entirely different light: as a possible effort by the Kremlin to infiltrate and spy on non-profit groups that focused on things like human rights and media freedom.

The AP notes that, thus far, there is no evidence Butina actually passed the findings of the project on to Russia.

Man oh Manchin: West Virginia Senator says accounts got hacked

Senator Joe Manchin (D-WV) is the latest congresscritter to fall victim to hackers. This time, it was Manchin's social media accounts that were compromised.

The reports don't say exactly what the hackers were going for or what they were able to get from the accounts, but Manchin's office has said it is working with law enforcement on the matter.

With the US mid-term elections just days away, it would not be surprising at all to find out that any number of people in the House and the Senate have had one or more social media accounts compromised. ®

Biting the hand that feeds IT © 1998–2018