Ethio Tech

‹‹የዛሬ ሳምንት አድርገው፡፡ እኔ ሴት ነኝ፡፡ ጦርነት አልወድም፡፡ ነገር ግን አገሬ እንደዚህ ያለ ክብር የሚነካ ዘለፋ ከምትሸከም ጦርነትን እመርጣለሁ፡፡ ሂድ መንገዱ ጨርቅ ያድርግልህ፡፡ እግሩን ለጠጠር ደረቱን ለጦር ሰጥቶ ፣ ደሙን ለአገሩ ፍቅር አፍስሶ ፣ እሱ ወድቆ አገሩን የማያቆም እዚህ ያለ እንዳይመስልህ፡፡ ሂድ የኢትዮጵያን ሰው ባታውቀው ነው፡፡ ለአገሩ መሞት ማለት ለሐበሻ ጌጡ ነው፡፡ ሂድ ባሻህ ጊዜ ተመለስ ተሰናድተን እንጠብቅሃለን፡፡ ያንተን ወንድነትና የጣይቱን ሴትነትም ያን ጊዜ እናየዋለን ሂድ መንገዱን ጨርቅ ያድርግልህ፤›› - ንግሥት ጣይቱ ብጡል

US Govt Warns Critical Industries After Ransomware Hits Gas Pipeline Facility

The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) earlier today issued a warning to all industries operating critical infrastructures about a new ransomware threat that if left unaddressed could have severe consequences.
The advisory comes in response to a cyberattack targeting an unnamed natural gas compression facility that employed spear-phishing to deliver ransomware to the company's internal network, encrypting critical data and knocking servers out of operation for almost two days.
"A cyber threat actor used a spear-phishing link to obtain initial access to the organization's information technology network before pivoting to its operational technology network. The threat actor then deployed commodity ransomware to encrypt data for impact on both networks," CISA noted in its alert.


As ransomware attacks continue to escalate in frequency and scale, the new development is yet another indication that phishing attacks continue to be an effective means to bypass security barriers and that hackers don't always need to exploit security vulnerabilities to breach organizations.
CISA highlighted that the attack did not impact any programmable logic controllers (PLCs) and that the victim did not lose control of its operations. But in the aftermath of the incident, the company is reported to have initiated a deliberate operational shutdown, resulting in a loss of productivity and revenue.
Noting that the impact was limited to Windows-based systems and assets located in a single geographic locality, it said the company was able to recover from the attack by getting hold of replacement equipment and loading last-known-good configurations.
Although the notification is lean on the specifics of the attack, this is not the first time phishing links have been employed to deliver ransomware. Lake City's I.T. network was crippled last June after an employee inadvertently opened a suspicious email that downloaded the Emotet Trojan, which in turn downloaded TrickBot Trojan and Ryuk ransomware.

The evolving threat landscape means companies need to consider the full scope of threats posed to their operations, including maintaining periodic data backups and devising fail-over mechanisms in the event of a shutdown.
Aside from securing the email channel and identifying and protecting the most attacked individuals, this also underscores the need for adopting appropriate anti-phishing measures to stop social engineering attempts from reaching their targets' inboxes and training people to spot mails that get through.
Additionally, it's imperative that vulnerable organizations safeguard the digital supply chain by segmenting critical network infrastructure using firewalls and conducting periodic security audits to identify gaps and weaknesses.

Stay connected!

IT related service provider!

Hacker Who DDoSed Sony, EA and Steam Gaming Servers Pleads Guilty..............................................................
A 23-year-old hacker from Utah pleaded guilty this week to launching a series of denial-of-service (DoS) attacks against multiple online services, websites, and online gaming companies between 2013 and 2014.
According to a Justice Department (DoJ) press release, Austin Thompson, a.k.a. "DerpTroll," took down servers of several major gaming platforms including Electronic Arts' Origin service, the Sony PlayStation network, and Valve Software's Steam, between December 2013 and January 2014, by flooding them with enough internet traffic.
Thompson then typically used the Twitter account the handle to announce his attacks, subsequently posting screenshots or other photos of the server being unavailable after launching DDoS attacks.
The attacks usually took down game servers and related computers of the victim companies for at least a few hours at a time, causing at least $95,000 in damages to the gaming companies around the world.

Hackers Stole 50 Million Facebook Users' Access Tokens Using Zero-Day Flaw
Logged out from your Facebook account automatically? Well you're not alone…
Facebook just admitted that an unknown hacker or a group of hackers exploited a zero-day vulnerability in its social media platform that allowed them to steal secret access tokens for more than 50 million accounts.
In a brief blog post published Friday, Facebook revealed that its security team discovered the attack three days ago (on 25 September) and they are still investigating the security incident.
The vulnerability, whose technical details has yet not been disclosed and now patched by Facebook, resided in the "View As" feature—an option that allows users to find out what other Facebook users would see if they visit your profile.
According to the social media giant, the vulnerability allowed hackers to steal secret access tokens that could then be used to directly access users' private information without requiring their original account password or validating two-factor authentication code.
Secret access tokens "are the equivalent of digital keys that keep people logged in to Facebook, so they don't need to re-enter their password every time they use the app.
To prevent its users' accounts, Facebook has already reset access tokens for nearly 50 million affected Facebook accounts and an additional 40 million accounts, as a precaution.
"We're taking this incredibly seriously and wanted to let everyone know what's happened and the immediate action we've taken to protect people's security," Facebook said.
"As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened."
The "View as" feature has also temporarily been disabled, at the time of writing. Facebook has also notified law enforcement officials of the security breach.
ince the investigation is still in the early stages, Facebook has yet to determine whether the attackers misused the stolen access tokens for 50 million accounts or if any information was accessed.
Facebook is already under heavy fire since the revelation that consultancy firm Cambridge Analytica had misused data of 87 million Facebook users to help Donald Trump win the US presidency in 2016.
The Cambridge Analytica scandal led to public outcry for lawmakers to hold Facebook accountable for its data-management practices, raising questions about whether Facebook can be trusted to protect the personal data of its 2 billion users.
And now, the recent revelation has once again underlines the failure of the social-media giant to protect its users’ information while generating billions of dollars in revenue from the same information.

Apache Tomcat Patches Important Security Vulnerabilities
The Apache Software Foundation (ASF) has released security updates to address several vulnerabilities in its Tomcat application server, one of which could allow a remote attacker to obtain sensitive information.
Apache Tomcat is an open source web server and servlet system, which uses several Java EE specifications like Java Servlet, JavaServer Pages (JSP), Expression Language, and WebSocket, and provides a "pure Java" HTTP web server environment for Java concept to run in.
Unlike Apache Struts2 vulnerabilities exploited to breach the systems of America credit reporting agency Equifax late last year, new Apache Tomcat vulnerabilities are less likely to be exploited in the wild.
Apache Tomcat — Information Disclosure Vulnerability
The more critical flaw (CVE-2018-8037) of all in Apache Tomcat is an information disclosure vulnerability caused due to a bug in the tracking of connection closures which can lead to reuse of user sessions in a new connection.
The vulnerability, marked as important, was reported to the Apache Tomcat Security Team by Dmitry Treskunov on 16 June 2018 and made public on 22 July 2018.
The flaw affects Tomcat versions 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31, and it has been fixed in Tomcat 9.0.10 and 8.5.32.
Apache Tomcat — Denial of Service (DoS) Vulnerability
Another important vulnerability, tracked as CVE-2018-1336, in Apache Tomcat resides in the UTF-8 decoder that can lead to a denial-of-service (DoS) condition.
"An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service," the Apache Software Foundation says in its advisory.
Apache Tomcat Server Software Updates (Patches)
The vulnerability affects Tomcat versions 7.0.x, 8.0.x, 8.5.x and 9.0.x, and has been addressed in Tomcat versions 9.0.7, 8.5.32, 8.0.52 and 7.0.90.
The Apache Software Foundation also included a security patch in the latest Tomcat versions to address a low severity security constraints bypass bug (CVE-2018-8034), which occurs due to missing of the hostname verification when using TLS with the WebSocket client.
Administrators are strongly recommended to apply the software updates as soon as possible and are advised to allow only trusted users to have network access as well as monitor affected systems.
The Apache Software Foundation says it has not detected any incident of the exploitation of one of these Apache Tomcat vulnerabilities in the wild.
A remote attacker could exploit one of these vulnerabilities to obtain sensitive information.