Here's the List of ~600 MAC Addresses Targeted in Recent ASUS Hack

EXCLUSIVE — While revealing details of a massive supply chain cyber attack against ASUS customers, Russian security firm Kaspersky last week didn't release the full list of all MAC addresses that hackers hardcoded into their malware to surgically target a specific pool of users.

Instead, Kaspersky released a dedicated offline tool and launched an online web page where ASUS PC users can search for their MAC addresses to check whether they were in the hit list.

However, many believe it is not a convenient way for large enterprises with hundreds of thousands of systems to know if they were targeted or not.

List of MAC Addresses Targeted in ASUS Supply Chain Attack

To solve this and help other cybersecurity experts continue their hunt for related hacking campaigns, Australian security firm Skylight's CTO Shahar Zini contacted The Hacker News and provided the full list of nearly 583 MAC addresses targeted in the ASUS breach.

"If information regarding targets exists, it should be made publicly available to the security community so we can better protect ourselves," Skylight said in a post shared with The Hacker News.

"So, we thought it would be a good idea to extract the list and make it public so that every security practitioner would be able to bulk compare them to known machines in their domain."

Skylight researchers retrieved the list of targeted MAC addresses with the help of the offline tool Kaspersky released, which contains the full list of 619 MAC addresses within the executable, but protected using a salted hash algorithm.

They used a powerful Amazon server and a modified version of the HashCat password cracking tool to brute force 583 MAC addresses in less than an hour.

"Enter Amazon's AWS p3.16xlarge instance. These beasts carry eight (you read correctly) of NVIDIA's V100 Tesla 16GB GPUs. The entire set of 1300 prefixes was brute-forced in less than an hour."
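The bulk comparison Skylight describes can be scripted once the published list is in hand. The sketch below is an added example, not code from Skylight, Kaspersky or ASUS; the target entries, hostnames and CSV layout are constructed sample values, and the function names are hypothetical.

```python
import csv
import io
import re

# Constructed sample values (locally administered addresses), NOT entries from the real list.
TARGET_LIST = """\
02:00:5E:10:00:01
02-00-5e-10-00-02
0200.5e10.0003
"""

# Constructed asset-inventory export; each source tool tends to emit its own MAC format.
INVENTORY_CSV = """\
hostname,mac
ws-001,02:00:5e:10:00:02
ws-002,0200.5E10.00FF
ws-003,02005E100003
ws-004,not-recorded
"""

_HEX12 = re.compile(r"^[0-9a-f]{12}$")

def normalize_mac(raw):
    """Return the MAC as 12 lowercase hex digits, or None if it is not a valid MAC."""
    digits = re.sub(r"[:\-.\s]", "", raw).lower()
    return digits if _HEX12.match(digits) else None

def load_targets(text):
    """Parse a one-per-line target list into a set of normalized MACs."""
    return {m for m in map(normalize_mac, text.splitlines()) if m}

def find_targeted_hosts(inventory_csv, targets):
    """Return (hits, unparsed): hosts whose MAC is listed, and rows needing manual review."""
    hits, unparsed = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        mac = normalize_mac(row["mac"])
        if mac is None:
            unparsed.append(row["hostname"])  # never count unreadable data as "clean"
        elif mac in targets:
            hits.append((row["hostname"], mac))
    return hits, unparsed

if __name__ == "__main__":
    hits, unparsed = find_targeted_hosts(INVENTORY_CSV, load_targets(TARGET_LIST))
    for host, mac in hits:
        print(f"TARGETED  {host}  {mac}")
    for host in unparsed:
        print(f"REVIEW    {host}  (MAC missing or malformed)")
```

A machine usually has several network adapters, so the inventory export should carry one row per adapter rather than one per host.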

ASUS Hack: Operation ShadowHammer

It was revealed last week that a group of state-sponsored hackers managed to hijack the ASUS Live automatic software update server last year and pushed malicious updates to over one million Windows computers worldwide in order to infect them with backdoors.

The security company then informed ASUS about the ongoing supply chain attack campaign on Jan 31, 2019.

After analyzing more than 200 samples of the malicious updates, researchers learned that the hackers, who are not yet attributed to any APT group, only wanted to target a specific list of users identified by their unique MAC addresses, which were hardcoded into the malware.

Though the second stage malware was only pushed to nearly 600 targeted users, it doesn't mean that millions of ASUS computers which received the malicious software update are not compromised.

How to Check if Your ASUS Laptop Has Been Hacked?

After admitting that an unknown group of hackers hacked its servers between June and November 2018, ASUS this week released a new clean version of its LIVE Update application (version 3.6.8) and also promised to add "multiple security verification mechanisms" to reduce the chances of further attacks.

However, you should know that just installing the clean version of the software update over the malicious package would not remove the malware code from the infected systems.

So, to help its customers know if they were a victim of the attack, ASUS also released a diagnostic tool, using which you can check whether your ASUS system was affected by the malicious update.

If you find your computer's MAC address in the list, it means your computer has been backdoored by the malicious update, and ASUS recommends you perform a factory reset to wipe the entire system.

The identity of hackers and their intentions are still unknown.


Family locator app leaked real-time location data of 238,000 individuals

We normally consider family locator apps a blessing because we are able to track our family members conveniently through them. But what if your private data collected or shared on such an app gets misused by cybercriminals because the app fails to secure it properly? It would instantly become a

The same has happened in the case of Australian software house React Apps’ Family Locator app. According to security researcher Sanyam Jain’s latest findings, this app has so far leaked sensitive data including real-time location information of about 238,000 individuals.

The data exposure has been occurring for several weeks because the database wasn’t properly configured to keep the data from falling into the wrong hands.

The location data exposure is a real concern here because the app has leaked people’s positions to within a few feet and even displayed the names of geofenced areas that are used to alert or notify family members.

Reportedly, the app’s developer didn’t secure the server with a password, which is why the data leak occurred. The app allows registered members to track family members such as a spouse or children in real time. With the app’s FollowMe feature, members are able to receive alerts about the current status of their family members, such as whether the child has reached school or the spouse has reached the workplace.

The main culprit behind such a massive data leakage is a poorly protected MongoDB database that was hosted on a Cloud server. The database was storing location data in an unencrypted format, so anyone who finds the database through services like Shodan can check the members’ real-time location as well as their profile photos, email IDs, full name, and login credentials including passwords.

This definitely puts members’ families at great risk since the geofenced locations data is also included in the leaked information.

Jain, who is associated with the GDI Foundation, notified TechCrunch about the unsecured database. TechCrunch verified the information available in the database after downloading the app and registering with a fake email ID. As soon as the sign-up process ended, their real-time location appeared in the database with exact location coordinates.

The company contacted one of the registered members chosen randomly and the user was naturally shocked by the findings. The unnamed user also confirmed that the location information about his workplace and his child’s school was completely accurate.


TechCrunch’s Zack Whittaker tried to contact React Apps but the company didn’t respond. TechCrunch then contacted the Australian Securities & Investments Commission to get the company’s business records that provided information about React App’s owner Sandip Mann Singh. However, the owner’s contact number wasn’t listed.

Then TechCrunch informed Microsoft, the company responsible for hosting the MongoDB database on its Azure Cloud server. Microsoft tried to contact the developer, after which the database was taken offline. It is currently unclear how long the database remained exposed.


The History of Email


— Text of the first email ever sent, 1971

The ARPANET (a precursor to the Internet) was created “to help maintain U.S. technological superiority and guard against unforeseen technological advances by potential adversaries,” in other words, to avert the next Sputnik. Its purpose was to allow scientists to share the products of their work and to make it more likely that the work of any one team could potentially be somewhat usable by others. One thing which was not considered particularly valuable was allowing these scientists to communicate using this network. People were already perfectly capable of communicating by phone, letter, and in-person meeting. The purpose of a computer was to do massive computation, to augment our memories and empower our minds.

Surely we didn’t need a computer, this behemoth of technology and innovation, just to talk to each other.

The computers which sent (and received) the first email.

The history of computing moves from massive data processing mainframes, to time sharing where many people share one computer, to the diverse collection of personal computing devices we have today. Messaging was first born in the time sharing era, when users wanted the ability to message other users of the same time shared computer.

Unix machines have a command called write which can be used to send messages to other currently logged-in users. For example, if I want to ask Mark out to lunch:

    $ write mark
    write: mark is logged in more than once; writing to ttys002
    Hi, wanna grab lunch?

He will see:

    Message from [sender address] on ttys003 at 10:36 ...
    Hi, wanna grab lunch?

This is absolutely hilarious if your coworker happens to be using a graphical tool like vim which will not take kindly to random output on the screen.

Persistent Messages

When the mail was being developed, nobody thought at the beginning it was going to be the smash hit that it was. People liked it, they thought it was nice, but nobody imagined it was going to be the explosion of excitement and interest that it became. So it was a surprise to everybody, that it was a big hit.

— Frank Heart, director of the ARPANET infrastructure team

An early alternative to Unix called Tenex took this capability one step further. Tenex included the ability to send a message to another user by writing onto the end of a file which only they could read. This is conceptually very simple; you could implement it yourself by creating a file in everyone's home directory which only they can read:

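    touch ~/messages        # a single file to append to, not a directory
    chmod 0422 ~/messages   # owner may read; everyone else may only write (append)

Anyone who wants to send a message just has to append to the file: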

echo "


South Africa to develop three more nano-satellites worth R27 million

The Department of Science and Technology (DST) director general, Dr Phil Mjwara, announced earlier this week that the department is committed to supporting the development of a constellation of satellites through the investment of R27 million.

The director general announced this at a plenary briefing that was hosted by the Cape Peninsula University of Cape Town (CPUT), after the successful launch of the country’s second nano-satellite, ZACUBE-2, which is considered the most advanced on the continent.

“We have contracted CPUT to develop three more nano-satellites to the value of R27 million to be launched by 2020. This investment will allow us to take full advantage of SA’s vast and exclusive economic zone, our oceans, which have the potential to add R177 billion to the country’s gross domestic product and create over 1 million jobs by 2033,” Mjwara told IOL News.

The nano-satellite named ZACUBE-2 is funded by DST in support of Operation Phakisa, to provide cutting-edge, high-frequency data exchange communication systems to the maritime industry, and it will monitor the movement of ships along the coastline with its automatic identification system (AIS).

ZACUBE-2 is the predecessor of ZACUBE-1, which was developed by CPUT space programme graduates four years ago, and continues to transmit space weather data.

“Currently South Africa purchases its AIS data at huge cost from outside service providers, and we are now in position to provide our own data but at present only twice. Once we have a constellation of satellites providing a constant flow of data, it will go towards proving SA has the indigenous knowledge to provide this technology for our country,” concluded CPUT head of space programme, Prof Robert Van Zyl.


Huawei & Rain announce launch of South Africa’s first commercial 5G network

At MWC 2019 local service provider Rain has announced that it has launched the first 5G commercial network in South Africa in partnership with Huawei.

This move would make South Africa one of the first countries in the world to launch 5G, with Rain slating a rollout of the network by mid-2019, with areas of Johannesburg and Cape Town being the first two metropoles to receive it. 

With Huawei’s end-to-end 5G solutions, Rain will be able to build the 5G network using its 3.6GHz spectrum, the company has explained. In the first phase of rollout, Rain has already deployed a number of new base stations in Johannesburg and Cape Town. 

Huawei and Rain execs following their 5G network announcement at MWC 19.

“The network will provide fibre-like speeds without the installation complexities, time delays and cost of laying fibre in under-serviced areas,” notes Rain CEO Willem Roos.

Apart from deploying new base stations, the Chinese firm says its solutions will enable Rain to fully leverage its existing LTE network and allocated spectrum for 5G deployment.

“It is an important step working with Rain to build the first 5G network in South Africa. With our solutions, we are committed to working with operators to build future-oriented networks that will give them the maximum value from their investment and give their customers the best user’s experience,” said Shi Jilin, president of Huawei Cloud Core Network Product Line.

According to their plan, Rain will continue to cover major areas in South Africa with 5G networks, including Johannesburg, Cape Town, and Durban, with a specific focus on services to homes and enterprises.

In September, Rain expects to release 5G products and plans to further promote 5G-enabled applications in terms of industry video, remote driving and smart manufacturing. For now, there is no precise detail on pricing for packages with the company expected to release more information closer to the mid-2019 rollout.

“Rain is very optimistic about the business prospects of South Africa’s 5G network, and will continue to invest more in 5G networks and better serve users,” concludes Roos.
