News briefs, October 2015
» Researchers at Level 3 Communications identified a new DDoS vector they call Portmapper. Millions of servers run an open portmapper service, leaving them ripe for exploitation. The attackers are targeting gaming and web hosting providers. Although Portmapper is gaining traction, it still charts far lower than other DDoS methods. Level 3 believed it warranted an advance warning, however.
» A leaked NSA map showed the location of U.S.-based victims of Chinese cyberespionage attacks over a five-year period. Red dots on the map mark successful attempts to steal data about American critical infrastructure from public and private sector firms. More than 600 dots are documented.
» Microsoft's new Windows 10 operating system was documented as sending users' data back to the company, even with certain settings turned off. If settings are disabled, the OS, by default, sends information, such as users' locations and typing patterns, to the parent company.
» Attackers have been observed substituting Cisco's IOS bootstrap with a malicious ROMMON image after first accessing the company's IOS devices. Using a malicious ROMMON provides attackers an additional advantage because infection will persist through a reboot. Attackers didn't exploit a vulnerability. Rather, they acquired valid admin credentials or were able to gain physical access to the device to carry out the attack.
» The University of Virginia announced that attackers originating from China illegally accessed portions of its information technology systems, but no personal information appeared to have been affected. The university took down its IT system while investigating the breach. All users were required to change their Eservices login passwords, which are used for various purposes, including gaining access to email and calendar services and network printing.
» Following the data breach at Ashley Madison, John McAfee published a piece positing that a lone female was the likely perpetrator of the attack. Pointing to research he conducted on the dark web with “reliable sources,” and his analysis of the data, McAfee wrote that he can “confidently claim that the single person is a woman, and has recently worked within Avid Life Media.”
» Researchers identified a vulnerability that impacted nearly 90 percent of Android devices at the time of its disclosure. An attacker can exploit the vulnerability to cause a device to reboot, and it is similar to a previously identified bug in that it exists in the mediaserver program, Wish Wu. The vulnerability affects Android versions 4.0.1 to 5.1.1.
» Anonymous has launched another online battle against members of the Islamic State (IS, formerly ISIS/ISIL) group. The hacktivists are targeting and attacking the online network of supporters and suspected websites of the IS. A recent developing offshoot of the Anonymous group, known as GhostSec or Ghost Security, revealed that their members are attacking thousands of publicity websites and social media accounts operated by the IS group.
» According to a new report from G Data, smartphones from China have been discovered shipping complete with pre-installed malware in the device firmware.