This Week In Blockchain and CyberSecurity News - January 11, 2019

Ethereum Classic Under Attack

In the last week, the official Twitter handle for the $550 million ETC network warned of "a possible chain reorganization or double spend attack," though they noted that "From what [they] can tell the ETC network is operating normally." However, seven hours after the original tweet, they tweeted again, urging crypto exchanges to be careful processing trades. To some crypto developers and investors, Ethereum Classic is the real Ethereum network. In the summer of 2016, a catastrophic hack threatened to wipe out Ethereum, so the developers forked the project; the fork is what is now known as Ethereum. There are many comments on the recent double spend attack, such as mining pool operator Etherchain stating that it identified "a successful 51% attack" on the Ethereum Classic network. The founder of Etherplan stated that one ETC miner had more than 60% of the network's hashrate at one point. A 51% attack is when a single entity or organization is able to control the majority of the hash rate, “potentially causing a network disruption.” Such an attack would allow a malicious entity to try to reverse a transaction that it made while in control, which would lead to a double-spending problem. The majority attack gives the malicious attacker the opportunity to create coins out of thin air or steal coins that never belonged to the attacker. According to GasTracker, the suspected miner still possesses 45% of ETC’s hashrate, measured over the past 24 hours (when the article was written). This attack shows that more thought needs to be put into how to protect blockchains against these types of attacks. However, even with the network breach, Ethereum Classic’s price holds steady.
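Why exchanges were told to be careful: the added example below (not from the article or the ETC project) estimates how many confirmations a merchant must wait for before a double spend becomes unlikely, given the attacker's share of the hashrate. It assumes the catch-up model from the Bitcoin whitepaper applies to ETC's proof-of-work chain, and the 0.1% risk threshold is an illustrative assumption.

```python
from math import exp


def attacker_success_probability(q: float, z: int) -> float:
    """Chance that a miner holding hashrate share q ever overtakes the
    honest chain after the merchant has waited for z confirmations."""
    if q >= 0.5:
        return 1.0  # a majority miner always catches up eventually
    p = 1.0 - q
    lam = z * (q / p)  # expected attacker blocks while honest miners find z
    prob = 1.0
    for k in range(z + 1):
        poisson = exp(-lam)
        for i in range(1, k + 1):
            poisson *= lam / i  # Poisson(k; lam), built up incrementally
        prob -= poisson * (1.0 - (q / p) ** (z - k))
    return prob


def confirmations_needed(q: float, max_risk: float = 0.001, limit: int = 1000):
    """Smallest z with success probability below max_risk, or None when
    no confirmation depth up to `limit` is enough."""
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return None


def report(shares=(0.10, 0.30, 0.45, 0.60)):
    """Map each hashrate share to the confirmations a merchant would need."""
    return {q: confirmations_needed(q) for q in shares}


if __name__ == "__main__":
    for share, depth in report().items():
        label = depth if depth is not None else "no safe depth"
        print(f"attacker share {share:.0%}: {label}")
```

At the 45% share reported by GasTracker the required depth is already in the hundreds of blocks, and at the 60% share cited above no depth is sufficient, which is why waiting longer only helps against minority attackers.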

Read more here!

Blur data leak potentially exposed data of 2.4 Million users

Blur is a popular password manager developed by the firm Abine. Aside from operating as a password manager, Blur also implements private browsing features and masked email. Due to a misconfigured AWS S3 bucket, sensitive information of almost 2.4 million users has been leaked. According to Abine, the file that was left freely accessible online contained various details about Blur users who registered before January 6, 2018. Exposed information included:

  • Each user's email addresses

  • Some users' first and last names

  • Some users' password hints but only from our old MaskMe product

  • Each user's last and second-to-last IP addresses used to login to Blur

  • Each user's encrypted Blur password. These encrypted passwords are encrypted and hashed before they are transmitted to their servers, and they are then encrypted using bcrypt with a unique salt for every user. The output of this encryption process for these users was potentially exposed, not actual user passwords.

It is concerning to see a company whose main goal is to provide security to its customers be a victim of a data breach of this magnitude. Incidents like this exhibit the significance of focusing on data security and an overall secure structure in all aspects of a company.

Read more about the breach here

New Crypto-Mining Attacks Leverage NSA-Linked EternalBlue Exploit

A new version of the NRSMiner is actively spreading in the southern region of Asia. Using EternalBlue, malicious attackers are able to spread malware efficiently through many unpatched computers. EternalBlue is one of the NSA exploits stolen by the Shadow Brokers and leaked to the public, and it was used for the WannaCry and NotPetya outbreaks in 2017. Even though Microsoft patched it in 2017, many computers are still infected because individuals and companies across the world have failed to patch. The new crypto miner updates existing infections by downloading new modules and deleting the files and services installed by its own previous versions. The updater module checks to see if the new version is already installed. If it is, it deletes itself. If not, it downloads the malware from one of a series of hardcoded URLs. This malware performs the necessary housekeeping before installing a service named snmpstorsrv, with snmpstorsrv.dll registered as its ServiceDll. It then deletes itself. The newly updated malware creates new threats and serves many different purposes. Its activities include exfiltrating processor and system information, checking for a new module, and running the miner. The updated malware has many fail-safes in case it does not work and attempts to run in different areas. A major threat posed by this new cryptojacking malware is what its wininit.exe process does. Once wininit.exe is running on the already infected computer, it scans the local network on TCP port 445 looking for other accessible devices and executes the EternalBlue exploit on any vulnerable systems it finds. If successful, it installs the DoublePulsar backdoor on the new system. The new system is infected, and the process begins again. The cryptojacking malware then mines for Monero, a cryptocurrency notoriously famous for privacy.
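The two behaviours described above (the snmpstorsrv service install and the TCP 445 sweep of the local network) are both things a defender can hunt for. The following is an added detection example, not code from the article or the original research; the JSON event schema, host names and fan-out threshold are assumptions, and the sample events are constructed.

```python
import ipaddress
import json
from collections import defaultdict

# Indicators named in the article text.
SERVICE_NAME = "snmpstorsrv"
SERVICE_DLL = "snmpstorsrv.dll"
SMB_PORT = 445
FANOUT_THRESHOLD = 5  # assumption: distinct internal SMB targets per process

# Constructed events in a hypothetical normalized JSON-lines schema.
SAMPLE_EVENTS = [
    '{"host":"ws-014","type":"service_install","name":"snmpstorsrv","service_dll":"snmpstorsrv.dll"}',
    '{"host":"ws-020","type":"service_install","name":"ExampleSvc","service_dll":"example.dll"}',
    '{"host":"ws-020","type":"net_conn","process":"explorer.exe","dst":"10.0.5.2","dport":445}',
    '{"host":"ws-020","type":"net_conn","process":"chrome.exe","dst":"93.184.216.34","dport":443}',
] + [
    json.dumps({"host": "ws-014", "type": "net_conn", "process": "wininit.exe",
                "dst": f"10.0.5.{i}", "dport": SMB_PORT})
    for i in range(1, 9)  # one process touching eight internal hosts on 445
]


def detect(lines, threshold=FANOUT_THRESHOLD):
    """Return (host, rule, detail) findings for the behaviours in the article."""
    findings = []
    smb_targets = defaultdict(set)  # (host, process) -> internal SMB targets
    for line in lines:
        ev = json.loads(line)
        if ev["type"] == "service_install":
            name = ev.get("name", "").lower()
            dll = ev.get("service_dll", "").lower().replace("\\", "/").rsplit("/", 1)[-1]
            if name == SERVICE_NAME or dll == SERVICE_DLL:
                findings.append((ev["host"], "nrsminer_service", ev["name"]))
        elif ev["type"] == "net_conn" and ev.get("dport") == SMB_PORT:
            # Only internal destinations count as lateral-movement candidates.
            if ipaddress.ip_address(ev["dst"]).is_private:
                smb_targets[(ev["host"], ev["process"].lower())].add(ev["dst"])
    for (host, proc), targets in sorted(smb_targets.items()):
        if len(targets) >= threshold:
            findings.append((host, "smb_fanout", f"{proc} -> {len(targets)} hosts"))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Because wininit.exe is also the name of a legitimate Windows process, the fan-out rule keys on behaviour (many distinct internal SMB targets) rather than on the process name alone.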

Read more here

ThreatList: WordPress Vulnerabilities Tripled in 2018

The popular content management system WordPress appears to have had a staggering increase in vulnerabilities in its services. According to new web application bug research released Wednesday, the rate of vulnerabilities tripled in 2018. To make matters worse, many of the vulnerabilities have a public exploit available to hackers, and a third don't have any available solution, including a workaround or patch. The most common vulnerabilities are related to injection: SQL injection, command injection, and object injection made up 19 percent of total web app vulnerabilities in 2018. Cross-site scripting bugs also showed an increasing trend in 2018, doubling to 14% since 2017. WordPress is used by 59% of all websites using a known content management system, so it is no surprise that it is a heavily targeted service. Diving further into the issue, one can see that almost 98% of WordPress vulnerabilities are related to plugins that extend the functionality and features of a website or blog. Creating a plugin in WordPress is open to anyone, and publishing one is fairly simple, which may be behind the high percentage of vulnerabilities that exist in many of them. As we live in an era of data breaches occurring every day, preventative measures have to be taken to prevent the spread of future incidents.

Get more info here

Massive data breach targets German politicians 'at all levels'

A data breach leaked the personal data and documents of hundreds of German politicians and public figures. Data leaked included credit card details, mobile phone numbers, personal phone numbers, internal party documents, and private chats. Many documents including the data were brought to light last Thursday in what is thought to be one of the largest leaks in Germany’s history. The leaks affected politicians of all levels, including those in the European, national, and regional parliaments. An interior ministry spokesman could not say whether the documents had been obtained via an external hacking attack on the German parliament or by an insider. One theory of how the attack was orchestrated is that hackers gained access to private email and social media accounts after obtaining a list of stolen passwords. Whether the threat came from an insider or an outsider, this is an important awakening for governments all around the world.

Get more information here