Tag Archive for: granting

Hacker steals Verizon employee database after tricking worker into granting remote access


A database of contact information for hundreds of Verizon employees is in the hands of cybercriminals, after a member of staff was duped into granting a hacker access to their work PC.

The revelation of a data breach comes from security journalist Lorenzo Franceschi-Bicchierai of Vice, who describes how an anonymous hacker contacted him earlier this month to brag about what they had achieved:

“These employees are idiots and will allow you to connect to their PC under the guise that you are from internal support,” the hacker told Franceschi-Bicchierai in an online chat.

The compromised data included the full name, email address, corporate ID number, and phone number of hundreds of Verizon staff members. Although Franceschi-Bicchierai was unable to confirm that all of the information was up-to-date, he was able to verify the legitimacy of some of the data by calling phone numbers that had been exposed, and asking individuals who answered to confirm their names and email address.

According to the hacker, having tricked a Verizon employee into granting them access to their corporate computer, they were then able to access an internal company tool to retrieve employee information, and scraped the database with a script.

In an extortion email to Verizon, the hacker claims to have requested a $250,000 reward for their efforts, threatening to leak the employee database online:

Please feel free to respond with an offer not to leak you’re [sic] entire employee database

Verizon confirmed to Vice that it had been contacted by the hacker, but downplayed the significance of the breach:

“A fraudster recently contacted us threatening to release readily available employee directory information in exchange for payment from Verizon. We do not believe the fraudster has any sensitive information and we do not plan to engage with the individual further. As always, we take the security of Verizon data very seriously and we have strong measures in place to protect our people and systems.”

It’s accurate that the breach would have been worse if it had included more sensitive information.  For instance, banking details, social security numbers, passwords, and the like would have potentially made the breach…


Microsoft Discovers Nimbuspwn Privilege Escalation Vulnerability on Linux Systems Granting Hackers Root Permissions


Microsoft discovered a privilege escalation vulnerability in Linux environments that could allow an attacker to take over computer systems.

The vulnerabilities, collectively referred to as Nimbuspwn, could be chained together to gain root privileges, allowing an attacker to create backdoors, deploy malicious payloads, and perform root code execution.

Microsoft says Nimbuspwn vulnerabilities could potentially be leveraged as a vector for ransomware deployment and other sophisticated threats, including nation-state cyber-espionage.

Nimbuspwn Linux privilege escalation vulnerability explained

The Microsoft 365 Defender Research Team began by listening to messages on the system bus, which led them to review the code for networkd-dispatcher.

They discovered information leaks via Directory Info Disclosure in Blueman and Directory Info Disclosure in PackageKit (CVE-2022-0987). Further probes led to the discovery of more issues in networkd-dispatcher, whose daemon runs at boot with root privileges.

A review of networkd-dispatcher code led to the discovery of directory traversal, symlink race, and time-of-check-time-of-use race conditions.

Microsoft says the networkd-dispatcher daemon used the “_run_hooks_for_state” method to discover and run scripts depending on the network state.

The method returns the executable script files in “/etc/networkd-dispatcher/.d” that are owned by the root user and the root group. The daemon then runs each script using subprocess.Popen.

Vulnerabilities in the networkd-dispatcher components:

  • The use of symbolic links – Microsoft discovered that subprocess.Popen follows symbolic links when discovering and running scripts in the base directory.
  • Directory traversal vulnerability (CVE-2022-29799) – Microsoft discovered that the control flow fails to sanitize the OperationalState and AdministrativeState values. Since these states are used to build the executable script paths, an attacker could escape the “/etc/networkd-dispatcher” directory using “../../” directory traversal patterns.
  • Time-of-check-time-of-use race condition (CVE-2022-29800) – Microsoft discovered a time gap between the discovery and execution of the root…


Fake Microsoft scammers lure users into granting remote access to PCs – Computer Weekly

Hackers claiming to represent Microsoft are using phishing attacks to dupe UK residential and business PC users into paying for fake anti-malware software and services. The cyber criminals, claiming to represent a Microsoft partner company, E-Pro Solutions …