A brief overview of the main innovations in the information security solutions market for the week.
The American company Tenable has released a new version of Nessus, its software for automatically finding known security gaps in information systems. Nessus 10.0 adds the Raspberry Pi to the list of supported platforms, allowing penetration testers, consultants, security teams, and students to use the full power of Nessus anywhere. With Nessus 10.0 available for the Raspberry Pi, consultants can easily provide their clients with disposable scanners for remote auditing.
The Linux Foundation has released LFX Security, a free platform that allows software developers to secure their code. LFX provides visibility into the security status of each individual project and allows developers to quickly and easily identify and remediate vulnerabilities. The LFX platform contains community tools for security, fundraising, community expansion, project health, mentoring, and more. The platform supports projects and inspires open source development teams to write better, safer code.
Imperva has released a free security posture service for Amazon RDS Managed Relational Databases. Imperva Snapshot sends a detailed assessment report by email with the following findings:
Incorrect configurations and bad practices – analysis of cloud environment settings and database configurations;
Known vulnerabilities – detection and cataloging of vulnerabilities in databases in accordance with publicly disclosed CVEs;
Privacy and Compliance – A classification of content that has a potential to affect privacy.
Deployment of the service takes seconds, and the report is sent by e-mail in 15-20 minutes.
Application and network performance management product provider NETSCOUT has released NETSCOUT Omnis Cyber Intelligence, a cloud-based enterprise cyber and risk intelligence platform that helps security teams easily identify, confirm, investigate and respond to threats. The platform reduces the impact of cyber threats with an analytics system that also integrates with popular SIEM platforms.
Cynamics announced an NDR solution to provide visibility and threat prediction without the need to install a device or agent on the customer’s network. Cynamics Network Detection and Response (NDR) is an artificial intelligence (AI) security solution that provides complete visibility of all enterprise networks. The solution is easy to deploy without the need to install a device or agent on the network. Cynamics NDR does not create an additional attack surface and is completely passive. It does not require any network permissions, and the solution does not collect or store any user confidential information.
Hackers breached the BitMart crypto exchange and stole $150 million.
The company is investigating the incident, and the withdrawal operations are temporarily suspended.
Crypto exchange BitMart reported that it was hacked and lost $150 million worth of cryptocurrency as a result.
Exchange founder and CEO Sheldon Xia confirmed the incident and clarified that the vulnerability was related to Ethereum (ETH) and Binance Smart Chain (BSC) hot wallets.
“We have identified a large-scale security breach involving one of our hot ETH wallets and one of our hot BSC wallets. At the moment, we are still drawing conclusions about the possible methods used. The hackers managed to withdraw assets worth about $150 million,” Xia wrote on his Twitter account.
On the evening of December 4, PeckShield recorded an abnormal number of withdrawals from BitMart. Among the tokens that were withdrawn from the trading platform were “meme” tokens, including Shiba Inu, as well as the USDC stablecoin.
Recall that hackers earlier stole about $120 million in bitcoins and ether from the decentralized finance (DeFi) platform Badger, which allows users to borrow, lend and speculate on fluctuations in cryptocurrency prices.
Electric Utility Loses 25 Years of Data in Cyberattack
All indications are that the company has fallen victim to ransomware.
Colorado’s Delta-Montrose Electric Association (DMEA) is painfully recovering from a devastating cyberattack that destroyed all of its data from the past 25 years. An attack last month forced the company to shut down 90% of its internal computer systems.
A new notice sent out by DMEA to its customers this week says the company will begin accepting payments through the SmartHub platform and other payment terminals by December 6th. The company hopes to restore billing on December 6-10, so customers should expect an influx of electricity bills. At the same time, DMEA noted that it will not turn off services for non-payment and will not impose fines until January 31, 2022.
Employees of the company began to notice that something was wrong on November 7, and after a while almost the entire computer network of DMEA was turned off. The attack affected all support systems, payment processing tools, billing platforms and other tools provided to customers. According to the company, the hackers attacked certain segments of the internal network and damaged documents, tables and forms, indicating a ransomware attack.
Telephone systems and e-mail were also affected, but power plants and fiber-optic networks were not affected. The personal data of DMEA customers or employees has not been compromised.
DMEA has hired cybersecurity experts to investigate the incident, but is still struggling to rebuild the network.
“We are currently working with limited functionality and are focused on completing investigations and restoring services as efficiently, cost-effectively and securely as possible. We strive to restore our network and get back to normal operations, but this will take time and requires a phased approach,” the company said.
Hundreds of malicious Tor nodes are used to de-anonymize users
Malicious servers were added to the Tor network on an ongoing basis, and there were hundreds of them.
Since at least 2017, a mysterious attacker (or group), tracked by cybersecurity experts as KAX17, has been adding malicious servers to the Tor network, acting as entry, intermediary, and exit nodes. According to a security researcher using the pseudonym Nusenu, the campaign aimed to de-anonymize users.
Nusenu, who is also a Tor node operator, discovered the malicious activity in 2019, but says KAX17 has been active since at least 2017. According to Nusenu, malicious servers with no contact information were added to the Tor network on an ongoing basis, and there were hundreds of them. At its peak, the network included over 900 malicious servers.
In general, servers added to the Tor network must contain contact information (such as an email address) so that Tor administrators or law enforcement agencies can contact node operators in the event of misconfiguration or reports of abuse. Despite this rule, servers without contact information are often added to the network, mainly so that the network keeps a sufficient number of nodes.
KAX17 servers are located in data centers around the world and are mostly configured as entry and intermediary nodes, with only a small number of them operating as exit nodes. As Nusenu notes, this is unusual, since most attackers who manage malicious nodes configure them as exit nodes, which allows them to modify the traffic. For example, the BTCMITM20 group managed a network of thousands of malicious exit nodes to attack users visiting cryptocurrency-related sites.
According to the researcher, KAX17 collects information about users connecting to the Tor network, and then determines their routes. Nusenu reported the findings to the Tor Project last year, and the servers were removed from the network in October 2020. Soon after, another group of exit nodes appeared in Tor with no contact information, but whether it was associated with KAX17 is unclear.
In October and November 2021, the Tor Project also removed hundreds of KAX17 servers. Neither Nusenu nor the Tor Project have speculated yet on who is behind KAX17.