Author: neil

Security researchers have recently uncovered a massive cryptojacking campaign that relies on compromised MikroTik routers. It targets these routers to conduct cryptocurrency mining by changing its configuration. It injects a copy of the Coinhive in-browser cryptocurrency mining script into every web page that a user visited.

The campaign has taken off the ground this week and was in its initial stages. It mainly focused on compromising devices located in Brazil but later began targeting MikroTik routers in other geo-locations all over the world. In total, 210,000 MikroTik routers have been compromised.

The hack exploits a security flaw in Winbox, a remote management service bundled in MikroTik routers’ operating system, RouterOS.  This flaw was was reportedly discovered early this year (April 2018) but accordingly patched the next day.

If you own a MikroTik router, it is advised that you should install the the latest MikroTik firmware as soon as possible. Also, as an added precaution, security mechanisms such as firewalls should always be enabled.

364 inmates from five Idaho prisons exploited a vulnerability in their prison-issued tablets to issue themselves nearly $225,000 worth of digital credits to their accounts. They were able to crack and leverage a software vulnerability on their JPay tablets to increase their balances. The transferred credits were then used to buy music, ebooks and games.

The Idaho Department of Correction (DOC) discovered the hack earlier this month. They emphasized though that no real money was stolen and that the credits did not involve taxpayer dollars.

For a few years now, tablets are allowed at low-security level prisons across the United States. This gives the inmates the privilege to email their families, access educational materials, read news, and even purchase music and simple computer games. They’ve been offered through a contract between JPay and CenturyLink.

Prison officials have already reprimanded the inmates involved in the hacking. They have been charged with a disciplinary offense and lost various privileges. They may also be reclassified to a higher security risk level.

According to the DOC, JPay has managed to recover $65,000 worth of digital credits from the 364 inmate accounts. It has also blocked the inmates involved from being able to download music and games until the company is compensated for their losses.

Over the weekend of July 14, North Carolina-based LabCorp, United States’ biggest blood testing laboratories network, forced a shutdown on its IT network after hackers breached into their system.

As part of its breach response policy, the company immediately took various portions of its systems offline to contain the hack.

Excerpts from the form 8-K they filed with the Securities and Exchange Commission read:

“LabCorp detected suspicious activity on its information technology network.”

“LabCorp immediately took certain systems offline as part of its comprehensive response to contain the activity,”

“Work has been ongoing to restore full system functionality as quickly as possible”

The breach could potentially expose millions of patient records at risk. Taken from their webpage: LabCorp provides diagnostic, drug development and technology-enabled solutions for more than 115 million patient encounters per year.

The company, however, is trying to downplay the incident assuring their customers not to worry.

“At this time, there is no evidence of unauthorized transfer or misuse of data. LabCorp has notified the relevant authorities of the suspicious activity and will cooperate in any investigation,” it said in its statement.

FBI is currently monitoring the situation and LabCorp is required to alert customers whose data were compromised within 60 days.

Healthcare organizations are often the target of hackers and cybercriminals for data breaches because it is believed that the highly sensitive data they keep on records is worth a lot when sold online.