You know what doesn’t sound fun? Missing Thanksgiving because your plane got hacked, hell of an excuse though.
GOT(IT) #9 Wohoo! we’re reaching number ten very soon… Discussing IT security news, which isn’t always good news, but it is crucial to stay updated on the latest “Oh F***” in security breaches. So it’s time to see what this week’s got for us.
It seems Google’s research found out that 1.9 billion usernames and passwords are currently available in the black market; it was discovered that Anti-Virus can be exploited to help malware persist; and a Boeing 757 has been hacked while it was on the runway.
|1.9 Billion Accounts Available in the Black Market|
Google has been working with the University of California on a study that focuses on data breaches, and stolen credentials in underground ecosystems. The results? It was revealed that about 1.9 billion credentials were available in the black market for purchase.
How? Any conceivable method: Key loggers, phishing, malware. Google also showcased how their accounts were affected: about 25% of the stolen credentials can give access to Google user accounts. This data was obtained by matching the credentials, stolen from thousands of online services, with Google’s database.
This fuels the reinvention of passwords and how security on multiple accounts is handled; password managers is the new “hip” thing, because the main issues is that users are failing to create different keys for different services.
|AVGater Exploited to Protect Malware|
A researcher named Bogner published an article on a new vulnerability: an exploit that can potentially restore a malware from AV quarantine and give the local user full control over the endpoint. In a nutshell, once the malware is put into quarantine, an attacker can manage to relocate the file into sensitive directories like C:Program Files.
Using NTFS directory junctions abuse, the file is restored and loaded by a different process; thus it executed its payload freely. Who was affected? Top-tier brands like Kaspersky, Malwarebytes, Ikarus, and a few dozen that are probably not going to be disclosed until the fix is applied. Most of these vendors, now public, have patched the issue after the researcher gave private notice.
|Boeing 757 Hacked Remotely While on Runway|
Scary, right? The US Department of Homeland Security was hacked by security professionals on an exercise that looked to breach the aircraft as it sat on the runway. The results were successful and the method classified.
Luckily, we’re talking about an intended event. The DHS’s Cyber Security Division representative, Robert Hickey, explained that the breach was conducted through radio frequency communications and that it managed to “establish a presence on the systems of the aircraft”.
The good thing: newer aircraft were designed with these kind of events in mind; the bad thing is that older ones weren’t. The risk isn’t just the proper security of the system, but the financial effort an update would mean to any airline. As the article explains, a single line of code and its implementation would cost about $1 million to achieve.
Remember to turn your phone off during flights, keep your seat up when hacking occurs, and (for the love of god) have different passwords for your accounts.