CIA traitor spy thrown in the clink for selling secrets to China. Stack Overflow, TeamViewer admit: We were hacked...
...And more from the world of infosec this week
Roundup Here's a quick catch-up of all things infosec beyond what we've already reported this week.
Stack Overflow becomes Hack, oh no, no! Popular programmer watering-hole Stack Overflow revealed on Friday it was hacked by a miscreant on May 5. The cyber-intruder was discovered six days later when they tried to gain more privileges on SO's network, and was booted out.
We're told the hacker broke into production systems via an insecure development build of the website. The site's bosses claim no user information was stolen or altered, except...
"While our overall user database was not compromised, we have identified privileged web requests that the attacker made that could have returned IP address, names, or emails for a very small number of Stack Exchange users," said engineering veep Mary Ferguson, and by small number, she means roughly 250. "Affected users will be notified by us," Ferguson added.
The biz said it will comb its logs for any other suspicious activity, and shore up its defenses. It added it will be "engaging a third party forensics and incident response firm to assist us with both remediation and learnings," and "taking precautionary measures such as cycling secrets, resetting company passwords, and evaluating systems and security levels."
TeamViewer hacked: Remote-desktop and web conferencing software maker TeamViewer confirmed on Friday it was hacked in autumn 2016, though said nothing about it at the time. Details of the break-in emerged this week in German mag Der Spiegel.
The biz kept quiet because no customer data nor computer systems were, it is believed, compromised, and it didn't want us to worry our pretty little heads about it all.
"Our systems detected the suspicious activities in time to prevent any major damage," TeamViewer's comms director Martina Dier claimed in an email to The Register.
"An expert team of internal and external cyber security researchers, working together closely with the responsible authorities, successfully fended off the attack and with all available means of IT forensics found no evidence that customer data or other sensitive information had been stolen, that customer computer systems had been infected or that the TeamViewer source code had been manipulated, stolen or misused in any other way.
"We came to the joint conclusion that informing our users was not necessary and would have been counterproductive to the effective prosecution of the attackers. Against this backdrop, we decided not to disclose the incident publicly in the interest of the global fight against cybercrime and thus also in the interest of our users."
Ex-CIA guy jailed for 20 years for China leak: Former CIA intelligence officer Kevin Patrick Mallory, 62, of Leesburg, Virginia, was sent down for two decades on Friday for selling American national defense secrets to a Chinese spy. Some of that leaked information included "unique identifiers for human sources who had helped the United States government," according to prosecutors.
The traitor was given a Samsung Galaxy smartphone by his Middle Kingdom handler Michael Yang for covert communications: Mallory, who is fluent in Mandarin, discussed Uncle Sam's hush-hush information with Yang using the mobe, and used it to securely transmit at least five classified US government documents to Chinese intelligence. He was also spotted scanning secret and top-secret materials onto a microSD card in a FedEx store near where he lived.
“Former US intelligence officer Kevin Patrick Mallory will spend the next 20 years of his life in prison for conspiring to pass national defense information to a Chinese intelligence officer,” said Assistant Attorney General John Demers. "This case is one in an alarming trend of former US intelligence officers being targeted by China and betraying their country and colleagues."
US cybersecurity officials urged to guard border: The US Department of Homeland Security’s cybersecurity officials, who are supposed to keep hackers out of Uncle Sam's systems, have been reportedly pressured to set their day jobs aside and go defend the US-Mexico border – after not enough folks agreed to sign up.
Uncle Sam drone leak suspect pleads not guilty: Former US Air Force intelligence analyst Daniel Hale, 31, who is accused of leaking Pentagon drone program secrets to the press, has pleaded not guilty. He told his Virginia federal judge he wants a full-blown lengthy trial. His next hearing is set to take place on July 12.
Chat app Slack security whack: Slack for Windows was patched this week to close a security hole, found by Tenable, that could be exploited by miscreants to steal copies of people's downloaded documents. Make sure you're running version 3.4.0 or higher to avoid this vulnerability.
Database leak hits eight million US peeps: An insecure Elasticsearch database containing the personal details – think names, dates of birth, addresses, genders, etc – of eight million US folks was discovered facing the public internet. The data store – built from info submitted by people taking part in online sweepstakes and prize giveaways – ultimately belonged to aptly named Ifficient, which secured its system after being alerted to the blunder by security researcher Sanyam Jain.
- A Windows backdoor nasty dubbed Plead was found on systems seemingly distributed via software bundled with Asus computers. It's not quite clear whether the malware was installed from a compromised Asus backend server, or in a man-in-the-middle attack. Asus did not respond to a request for comment.
- Sophos says computers running this month's Patch Tuesday Microsoft Windows updates and Sophos Endpoint Security and Control or Sophos Central Endpoint Standard/Advanced may hang during boot.
- A hard-to-exploit Linux kernel bug (CVE-2019-11815) that can be exploited to elevate privileges in certain circumstances – for one thing, the rds_tcp module needs to be loaded – has been patched. If you stay up to date with security fixes, you've probably already picked it up.
- More than 25,000 Linksys Smart Wi-Fi routers are facing the internet and vulnerable to a hijacking attack that's been spotted sweeping the public 'net.
- Russian hackers successfully broke into systems storing voting registration files of two Florida counties in 2016, it emerged this week.
- Nine people were formally accused by the US government of belonging to a SIM swapping gang dubbed The Community that hijacked victims' cellphone numbers, typically by porting them to new SIM cards, and using the commandeered numbers to reset webmail and other account passwords to ultimately steal cryptocurrencies from online wallets. Three of them are employees of mobile networks, believed to be AT&T and Verizon.
- Remember the Russian hacking gang Fxmsp that claimed to have pwned various antivirus makers, and is apparently selling data stolen from those software houses as a result? Symantec was said to be among though it denies this. Trend Micro said one of its test labs had been accessed by miscreants, though insisted no customer data nor any of its source code had been swiped, well, at least as far as its internal probe had uncovered.
- If you've shopped from UNIQLO Japan and GU Japan's online stores, then we have some bad news for you: they've been hacked and customer information was stolen.
- HackerRank, a website for hiring software developers based on their skill, suffered a file-leaking vulnerability. ®