Chinese military tied to prolific hacking group targeting US aerospace industry

Investigators said they have identified a secretive hacking group that has spent years systematically targeting US partners in the space and satellite industry, most likely on behalf of the Chinese military.

The group typically gains a foothold in sensitive networks by attaching booby-trapped documents to e-mails, according to a 62-page report published Monday by Crowdstrike, a firm that conducts forensic investigations on behalf of customers who have suffered security breaches. When employees click on the documents, the attackers are able to gain control over their PCs. The attackers then use the PCs to take control of servers housing blueprints, customer lists, or other sensitive data. The group, dubbed as Putter Panda, is connected to Unit 61486 of the People Liberation Army's (PLA's) Third General Staff Department, according to the report.

"Putter Panda is a determined adversary group, conducting intelligence-gathering operations targeting the Government, Defense, Research, and Technology sectors in the United States, with specific targeting of the US Defense and European satellite and aerospace industries," Crowdstrike researchers wrote. "The PLA ’s GSD Third Department is generally acknowledged to be China’s premier Signals Intelligence (SIGINT) collection and analysis agency, and the 12th Bureau Unit 61486, headquartered in Shanghai, supports China’s space surveillance network."

Read 2 remaining paragraphs | Comments

Drupal Websites Not Receiving Security Updates in a Timely Manner

At the end of March we took a look at Drupal’s usage statistics and found that two months after new versions of Drupal 6 & 7, which included security updates, were released only 33 percent of Drupal 7 websites were running the latest version and only 19 percent of Drupal 6 websites were running the latest version. That obviously isn’t what you would like to see if you care about security.

It has now been two months since another set of security updates, 6.31 and 7.27, have been released. The percentage of websites that have updated to at least those versions isn’t much different from what we saw with the last set of updates. 29 percent of Drupal 7 websites are running at least 7.27 and 17 percent of Drupal 6 websites are running 6.31.

For those interested we have graphed the percentage of websites that have been upgraded over time:

Drupal 7 Update Pace Graph

drupal-6-update-pace-graph

For both Drupal 6 & 7 the graphs show that during the first two weeks after a new version is released there is pretty quick uptake and then it slows down.

With drupal.org still running 7.27 a month after 7.28 was released that might indicate that the upgrade process could be improved:

drupal.org is Running Drupal 7.27

 

With our Up to Date? Chrome app you can keep track of the Drupal versions (as well other web apps) on all of the websites you manage in one place, so you can easily check if they are in need of an upgrade.

 

Kids with operator’s manual alert bank officials: “We hacked your ATM”

Two 14-year-old Canadians hacked a Bank of Montreal ATM after finding an operator's manual online. The manual showed how to gain administrative control of the device, according to a media report published over the weekend.

When Matthew Hewlett and Caleb Turon tested the instructions against an ATM at a nearby supermarket, the ninth graders didn't expect them to work, The Winnipeg Sun reported Sunday. To their surprise, the machine quickly prompted them for a password. Even more surprising, their first guess—a six-character password that's common among default settings—let them in. The boys then reported their lunch-hour caper to bank employees, who at first thought the duo had merely acquired the PINs of an ATM customer.

"I said: 'No, no, no. We hacked your ATM. We got into the operator mode,'" Hewlett was quoted as saying. Then, the bank employees asked for proof.

Read 3 remaining paragraphs | Comments