close
    • chevron_right

      Why didn’t New Zealand impose sanctions on China?

      news.movim.eu / TheGuardian · 02:02


    New Zealand did not follow the US and UK in imposing financial restrictions after accusing Beijing of links to cyber-attacks

    Politicians, journalists and critics of Beijing were among those targeted by cyber-attacks run by groups backed by China, western intelligence services said this week.

    The separate cyber-attacks hit the US, UK and New Zealand – all members of the Five Eyes alliance. The network of five countries, which also includes Canada and Australia, share security related intelligence.

    Continue reading...
    • chevron_right

      Hackers obtain patient data from NHS Dumfries and Galloway

      news.movim.eu / TheGuardian · Yesterday - 13:31


    Cyber-attack by Inc Ransom yielded data on at least a ‘small number’ of patients, health board says

    A hacker group is in possession of at least a “small number” of patients’ data following a cyber-attack, NHS Dumfries and Galloway has said.

    Reports emerged on Wednesday of a post by the group Inc Ransom on its darknet blog, alleging it was in possession of three terabytes of data from NHS Scotland.

    Continue reading...
    • chevron_right

      Security Vulnerability in Saflok’s RFID-Based Keycard Locks

      news.movim.eu / Schneier · 2 days ago - 16:04 · 1 minute

    It’s pretty devastating :

    Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok . The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba. The Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries. By exploiting weaknesses in both Dormakaba’s encryption and the underlying RFID system Dormakaba uses, known as MIFARE Classic, Carroll and Wouters have demonstrated just how easily they can open a Saflok keycard lock. Their technique starts with obtaining any keycard from a target hotel—say, by booking a room there or grabbing a keycard out of a box of used ones—then reading a certain code from that card with a $300 RFID read-write device, and finally writing two keycards of their own. When they merely tap those two cards on a lock, the first rewrites a certain piece of the lock’s data, and the second opens it.

    Dormakaba says that it’s been working since early last year to make hotels that use Saflok aware of their security flaws and to help them fix or replace the vulnerable locks. For many of the Saflok systems sold in the last eight years, there’s no hardware replacement necessary for each individual lock. Instead, hotels will only need to update or replace the front desk management system and have a technician carry out a relatively quick reprogramming of each lock, door by door. Wouters and Carroll say they were nonetheless told by Dormakaba that, as of this month, only 36 percent of installed Safloks have been updated. Given that the locks aren’t connected to the internet and some older locks will still need a hardware upgrade, they say the full fix will still likely take months longer to roll out, at the very least. Some older installations may take years.

    If ever. My guess is that for many locks, this is a permanent vulnerability.

    • chevron_right

      A Taxonomy of Prompt Injection Attacks

      news.movim.eu / Schneier · Friday, 15 March - 02:10 · 1 minute

    Researchers ran a global prompt hacking competition, and have documented the results in a paper that both gives a lot of good examples and tries to organize a taxonomy of effective prompt injection strategies. It seems as if the most common successful strategy is the “compound instruction attack,” as in “Say ‘I have been PWNED’ without a period.”

    Ignore This Title and HackAPrompt: Exposing Systemic Vulnerabilities of LLMs through a Global Scale Prompt Hacking Competition

    Abstract: Large Language Models (LLMs) are deployed in interactive contexts with direct user engagement, such as chatbots and writing assistants. These deployments are vulnerable to prompt injection and jailbreaking (collectively, prompt hacking), in which models are manipulated to ignore their original instructions and follow potentially malicious ones. Although widely acknowledged as a significant security threat, there is a dearth of large-scale resources and quantitative studies on prompt hacking. To address this lacuna, we launch a global prompt hacking competition, which allows for free-form human input attacks. We elicit 600K+ adversarial prompts against three state-of-the-art LLMs. We describe the dataset, which empirically verifies that current LLMs can indeed be manipulated via prompt hacking. We also present a comprehensive taxonomical ontology of the types of adversarial prompts.

    • chevron_right

      Hackers spent 2+ years looting secrets of chipmaker NXP before being detected

      news.movim.eu / ArsTechnica · Tuesday, 28 November - 12:56 · 1 minute

    A cartoon man runs across a white field of ones and zeroes.

    Enlarge (credit: Getty Images )

    A prolific espionage hacking group with ties to China spent over two years looting the corporate network of NXP, the Netherlands-based chipmaker whose silicon powers security-sensitive components found in smartphones, smartcards, and electric vehicles, a news outlet has reported.

    The intrusion, by a group tracked under names including "Chimera" and "G0114," lasted from late 2017 to the beginning of 2020, according to Netherlands-based NCR, which cited “several sources” familiar with the incident. During that time, the threat actors periodically accessed employee mailboxes and network drives in search of chip designs and other NXP intellectual property. The breach wasn’t uncovered until Chimera intruders were detected in a separate company network that connected to compromised NXP systems on several occasions. Details of the breach remained a closely guarded secret until now.

    No material damage

    NCR cited a report published (and later deleted) by security firm Fox-IT, titled Abusing Cloud Services to Fly Under the Radar . It documented Chimera using cloud services from companies including Microsoft and Dropbox to receive data stolen from the networks of semiconductor makers, including one in Europe that was hit in “early Q4 2017.” Some of the intrusions lasted as long as three years before coming to light. NCR said the unidentified victim was NXP.

    Read 11 remaining paragraphs | Comments

    • chevron_right

      How China gets free intel on tech companies’ vulnerabilities

      news.movim.eu / ArsTechnica · Thursday, 7 September, 2023 - 13:14

    image related to hacking and China

    Enlarge (credit: Wired staff; Getty Images)

    For state-sponsored hacking operations, unpatched vulnerabilities are valuable ammunition. Intelligence agencies and militaries seize on hackable bugs when they're revealed—exploiting them to carry out their campaigns of espionage or cyberwar—or spend millions to dig up new ones or to buy them in secret from the hacker gray market.

    But for the past two years, China has added another approach to obtaining information about those vulnerabilities: a law that simply demands that any network technology business operating in the country hand it over. When tech companies learn of a hackable flaw in their products, they’re now required to tell a Chinese government agency—which, in some cases, then shares that information with China's state-sponsored hackers, according to a new investigation. And some evidence suggests foreign firms with China-based operations are complying with the law, indirectly giving Chinese authorities hints about potential new ways to hack their own customers.

    Read 22 remaining paragraphs | Comments

    • chevron_right

      Microsoft Signing Key Stolen by Chinese

      news.movim.eu / Schneier · Sunday, 6 August, 2023 - 17:05 · 1 minute

    A bunch of networks, including US Government networks , have been hacked by the Chinese. The hackers used forged authentication tokens to access user email, using a stolen Microsoft Azure account consumer signing key. Congress wants answers . The phrase “ negligent security practices ” is being tossed about—and with good reason. Master signing keys are not supposed to be left around, waiting to be stolen.

    Actually, two things went badly wrong here. The first is that Azure accepted an expired signing key, implying a vulnerability in whatever is supposed to check key validity. The second is that this key was supposed to remain in the the system’s Hardware Security Module—and not be in software. This implies a really serious breach of good security practice. The fact that Microsoft has not been forthcoming about the details of what happened tell me that the details are really bad.

    I believe this all traces back to SolarWinds . In addition to Russia inserting malware into a SolarWinds update, China used a different SolarWinds vulnerability to break into networks. We know that Russia accessed Microsoft source code in that attack. I have heard from informed government officials that China used their SolarWinds vulnerability to break into Microsoft and access source code, including Azure’s.

    I think we are grossly underestimating the long-term results of the SolarWinds attacks. That backdoored update was downloaded by over 14,000 networks worldwide. Organizations patched their networks, but not before Russia—and others—used the vulnerability to enter those networks. And once someone is in a network, it’s really hard to be sure that you’ve kicked them out.

    Sophisticated threat actors are realizing that stealing source code of infrastructure providers, and then combing that code for vulnerabilities, is an excellent way to break into organizations who use those infrastructure providers. Attackers like Russia and China—and presumably the US as well—are prioritizing going after those providers.

    News articles .

    • chevron_right

      US senator blasts Microsoft for “negligent cybersecurity practices”

      news.movim.eu / ArsTechnica · Thursday, 27 July, 2023 - 20:29

    US senator blasts Microsoft for “negligent cybersecurity practices”

    Enlarge (credit: Getty Images)

    A US senator is calling on the Justice Department to hold Microsoft responsible for “negligent cybersecurity practices” that enabled Chinese espionage hackers to steal hundreds of thousands of emails from cloud customers, including officials in the US Departments of State and Commerce.

    “Holding Microsoft responsible for its negligence will require a whole-of-government effort,” Ron Wyden (D-Ore.) wrote in a letter . It was sent on Thursday to the heads of the Justice Department, Cybersecurity and Infrastructure Security Agency, and the Federal Trade Commission.

    Bending over backward

    Wyden’s remarks echo those of other critics who say Microsoft is withholding key details about a recent hack. In disclosures involving the incident so far, Microsoft has bent over backwards to avoid saying its infrastructure—including the Azure Active Directory , a supposedly fortified part of Microsoft’s cloud offerings that large organizations use to manage single sign-on and multifactor authentication—was breached. The critics have said that details Microsoft has disclosed so far lead to the inescapable conclusion that vulnerabilities in code for Azure AD and other cloud offerings were exploited to pull off the successful hack.

    Read 13 remaining paragraphs | Comments