Cryptojacking like an animal: the Drupal vulnerability
The San Diego Zoo is just one of almost 400 websites that has been compromised by a bug called Drupalgeddon 2.0. This vulnerability in the Drupal content management system was discovered and patched in March 2018. But the almost-400 infected sites, mostly government and university organizations, had not yet updated with the patch and unfortunately found themselves targeted by a cryptojacking scheme. The ploy saps CPU power from site visitors without their knowledge, using it to mine Monero.
The cryptomining software surreptitiously at work is Coinhive-based, though the program has been slightly throttled, presumably in an effort not to alert victims. At 100% capacity, Coinhive uses all CPU power available, which could ultimately result in overheating or system malfunction. By throttling the amount of power being siphoned, the victim’s system may not show any signs of being hacked. If nothing else, this news is a blazing reminder to always update our tech.
Equifax reports details of massive 2017 breach
In a filing with the Securities and Exchange Commission (SEC) last week, Equifax provided more details on the millions of accounts compromised in their infamous 2017 data breach. While the newly-reported info did not contain any surprises or changes to previously reported facts, it did clarify exactly what data was stolen.
Along with over 140 million names, birthdates, and social security numbers, Equifax reports the breach also included 99 million addresses, 20.3 million phone numbers, 17.6 million driver’s license numbers, and other sensitive information. Also stolen were tens of thousands of images including photos from drivers licenses, passports, ID cards, and more. While Equifax has patched the Apache Struts vulnerability, the heart of the breach, recent findings indicate that more than half of global Fortune 100 companies still have yet to do so.
Hacking surveillance cameras is easy
Ezequiel Fernandez, a security researcher in Argentina, discovered a flaw inherent in tens of thousands of surveillance cameras connected to the internet. Fernandez learned that a very simple, brief line of code can dupe the cameras’ DVR control panels into providing their admin credentials, thereby giving the user keys to the camera access kingdom.
At first, the discovery seemed to apply only to Spanish-made cameras, but research soon confirmed that many brands around the globe contain the same flaw. Fernandez has published the hacking code, but so far there have been no substantial attacks or threats detected that exploit the vulnerability.
Is net neutrality back on the table?
Democrats are leading the charge to force a vote on rejecting last December’s repeal of net neutrality. While the new rules triggered by the repeal have not yet officially gone into effect, the FCC has indicated that a press release addressing those would soon be forthcoming. The new vote, however, will most likely happen sooner, as its proponents have it on a fast track.
The rejection of the repeal is expected to pass in the Senate with a 50-49 vote, its success predicated on the continued absence of Republican Senator John McCain. After that, however, the issue will have a difficult road through the Republican-led House of Representatives. There is also speculation that the president himself will veto the rejection, should it ever land on his desk, though Democratic Senator Ed Markey from Massachusetts warns that act would spark a “political firestorm.” Markey hopes the Senate vote will take place next week.
Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Learn more about products that protect your digital life at avast.com. And get all the latest news on today’s cyberthreats and how to beat them at blog.avast.com.
*** This is a Security Bloggers Network syndicated blog from Blog | Avast EN authored by Avast Blog. Read the original post at: https://blog.avast.com/fight-for-net-neutrality-and-might-of-cryptojacking-malware