Another month, another cryptocurrency exchange hacked and 'millions of dollars' stolen by miscreants
Plus get patching your Palo Alto kit, there's a nasty crit out there
In brief Cryptocurrency exchange Eterbase last week admitted hackers broke into its computers and made off with other people's coins, said to be worth $5.4m.
The plug was pulled on the digital dosh exchange as a result, though it may return at some point: it claims to have enough capital to surmount the cyber-heist. Investigations by staff and law enforcement are ongoing.
"We want to inform our users that we have enough capital to meet all our obligations," the site's operators said in a statement.
"We want to reassure everyone that this event won't stop our journey. After the security audit of renowned global companies, our operations will continue. We will announce the date of the reopening of the ETERBASE Exchange platform as soon as possible."
Patch your Palo Alto kit
Palo Alto Networks has emitted nine security patches for its products, and one of them is for a critical flaw in some installations.
The updates are for Palo Alto's PAN-OS and the most serious, CVE-2020-2040, has a CVSS score of 9.8 out of 10 – i.e. it needs fixing urgently. If you're running Multi-Factor Authentication (MFA) or Palo Alto's Captive Portal interface, an attacker can exploit a buffer overflow to ultimately gain code execution as root.
There are also a handful of more minor fixes for the PAN management web interface and some low-grade issues with passwords being occasionally stored in plain text.
Fortunately there's no sign of these being exploited in the wild as yet. But, with the patches released, it's only a matter of time before someone cooks up some exploit code, so it's worth patching early.
Zoom finally gets two-factor sorted
Popular videoconferencing app maker Zoom has started rolling out two-factor authentication for its desktop and mobile applications.
Previously only available on the web client, the security system will allow admins to insist on multiple forms of authentication for meeting participants. It'll work with Google Authenticator, Microsoft Authenticator, and FreeOTP.
As research this week showed, the majority of Zoom intrusions are not the work of hackers, but someone who has been given login details to a meeting and then shared them with miscreants. Two-factor authentication may put a dent in this kind of zoombombing by making it too much of a faff for miscreants to log in using shared credentials.
With its popularity exploding amid the COVID-19 coronavirus pandemic, Zoom has had to take a serious look at its security, including hiring key players to make sure it's up to scratch.
General Keith Alexander, who was in charge of the NSA when Ed Snowden blew the whistle on the super-agency's illegal spying programs, is now on Amazon's board of directors. He is also on Amazon's audit committee. This move is likely intended to help Amazon get its foot in the door in more US government contracts.
A timing attack on HTTPS and other things that use TLS/SSL, dubbed the Raccoon Attack, has been documented. "Raccoon allows attackers under certain conditions to break the encryption and read sensitive communications," the brains behind it explained. "The vulnerability is really hard to exploit and relies on very precise timing measurements and on a specific server configuration to be exploitable." TLS 1.3 isn't affected. Don't panic, in other words: update your software and you'll get fixes that counter the attack.
School's out for ransomware
Students in Hartford, Connecticut, got an extra day of holiday after the school system was taken down by ransomware.
The malware borked key logistics systems on Tuesday in the US city. Hartford Mayor Luke Bronin said the infection was “significantly limited” due to computer security systems installed last year. Schools were back up and running the following day, though we're sure students appreciated their digital snow day.
Hartford is far from alone in getting hit: research [PDF] this week from infosec outfit Bitdefender claimed ransomware attacks were up over 700 per cent year on year. Schools are easy targets, usually with very little security infrastructure, and typically with insurance that will pay the ransom to, hopefully but not necessarily, unscramble files.
There are also the students themselves to contend with. A teenager is right now facing felony charges after allegedly taking down a Miami school's networks with a DDoS attack. ®