
Another month, another cryptocurrency exchange hacked and 'millions of dollars' stolen by miscreants

Plus get patching your Palo Alto kit, there's a nasty crit out there


In brief Cryptocurrency exchange Eterbase last week admitted hackers broke into its computers and made off with other people's coins, said to be worth $5.4m.

The plug was pulled on the digital dosh exchange as a result, though it may return at some point: it claims to have enough capital to surmount the cyber-heist. Investigations by staff and law enforcement are ongoing.

"We want to inform our users that we have enough capital to meet all our obligations," the site's operators said in a statement.

"We want to reassure everyone that this event won't stop our journey. After the security audit of renowned global companies, our operations will continue. We will announce the date of the reopening of the ETERBASE Exchange platform as soon as possible."

Patch your Palo Alto kit

Palo Alto Networks has emitted nine security patches for its products, and one of them is for a critical flaw in some installations.

The updates are for Palo Alto's PAN-OS and the most serious, CVE-2020-2040, has a CVSS score of 9.8 out of 10 – i.e. it needs fixing urgently. If you're running Multi-Factor Authentication (MFA) or Palo Alto's Captive Portal interface, an attacker can exploit a buffer overflow to ultimately gain code execution as root.

There are also a handful of more minor fixes for the PAN management web interface and some low-grade issues with passwords being occasionally stored in plain text.

Fortunately there's no sign of these being exploited in the wild as yet. But, with the patches released, it's only a matter of time before someone cooks up some exploit code, so it's worth patching early.

Zoom finally gets two-factor sorted

Popular videoconferencing app maker Zoom has started rolling out two-factor authentication for its desktop and mobile applications.

Previously only available on the web client, the security system will allow admins to insist on multiple forms of authentication for meeting participants. It'll work with Google Authenticator, Microsoft Authenticator, and FreeOTP.

As research this week showed, the majority of Zoom intrusions are not the work of hackers, but someone who has been given login details to a meeting and then shared them with miscreants. Two-factor authentication may put a dent in this kind of zoombombing by making it too much of a faff for miscreants to log in using shared credentials.

With its popularity exploding amid the COVID-19 coronavirus pandemic, Zoom has had to take a serious look at its security, including hiring key players to make sure it's up to scratch.

General Keith Alexander, who was in charge of the NSA when Ed Snowden blew the whistle on the super-agency's illegal spying programs, is now on Amazon's board of directors. He is also on Amazon's audit committee. This move is likely intended to help Amazon get its foot in the door in more US government contracts.

A timing attack on HTTPS and other things that use TLS/SSL, dubbed the Raccoon Attack, has been documented. "Raccoon allows attackers under certain conditions to break the encryption and read sensitive communications," the brains behind it explained. "The vulnerability is really hard to exploit and relies on very precise timing measurements and on a specific server configuration to be exploitable." TLS 1.3 isn't affected. Don't panic, in other words: update your software and you'll get fixes that counter the attack.

School's out for ransomware

Students in Hartford, Connecticut, got an extra day of holiday after the school system was taken down by ransomware.

The malware borked key logistics systems on Tuesday in the US city. Hartford Mayor Luke Bronin said the infection was “significantly limited” due to computer security systems installed last year. Schools were back up and running the following day, though we're sure students appreciated their digital snow day.

Hartford is far from alone in getting hit: research [PDF] this week from infosec outfit Bitdefender claimed ransomware attacks were up over 700 per cent year on year. Schools are easy targets, usually with very little security infrastructure, and typically with insurance that will pay the ransom to, hopefully but not necessarily, unscramble files.

There are also the students themselves to contend with. A teenager is right now facing felony charges after allegedly taking down a Miami school's networks with a DDoS attack. ®
