Security Affairs
Attacker Used AI to Build Custom PowerShell Recon Malware|Malware Hits Japan’s Largest Taxi Company Nihon Kotsu, Services Temporarily Suspended|CrashStealer: New macOS Infostealer Uses Signed Apps to Evade Gatekeeper|Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach|U.S. CISA adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog|EU Targets FSB-Linked Hackers in New Sanctions Over Cyber Sabotage|Dutch Nationals Suspected in Odido Hack That Exposed Six Million Customers|Australia Alerts Organizations to Ongoing CMS Exploitation Attacks|Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 105|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|Attacker Used AI to Build Custom PowerShell Recon Malware|Malware Hits Japan’s Largest Taxi Company Nihon Kotsu, Services Temporarily Suspended|CrashStealer: New macOS Infostealer Uses Signed Apps to Evade Gatekeeper|Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach|U.S. CISA adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog|EU Targets FSB-Linked Hackers in New Sanctions Over Cyber Sabotage|Dutch Nationals Suspected in Odido Hack That Exposed Six Million Customers|Australia Alerts Organizations to Ongoing CMS Exploitation Attacks|Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 105|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Hacker breached the Canadian Quebec Liberal Party’s video conferencing software

An unnamed hacker hacked the video conferencing software used by the Quebec Liberal Party and shared the news with the media. Politicians are a privileged target of hackers, in many cases they totally ignore the risk of a cyber attack and their staff is not aware of ongoing espionage activities. We read about hackers that […]

Hacker breached the Canadian Quebec Liberal Party’s video conferencing software

An unnamed hacker hacked the video conferencing software used by the Quebec Liberal Party and shared the news with the media.

Politicians are a privileged target of hackers, in many cases they totally ignore the risk of a cyber attack and their staff is not aware of ongoing espionage activities.

We read about hackers that influenced Mexican elections and recently the US Director of National Intelligence James Clapper revealed that attackers are targeting the campaigns of US presidential contenders.

It is clamorous the case of Hillary Clinton, recently Marcel Lehel Lazar also known as Guccifer has admitted the hack of her private email server occurred in 2013.

Today we will speak about the Canadian Quebec Liberal Party (PLQ), that fixed a security issue affecting the video conferencing software it used. It seems that an unknown hacker exploited the flaw to spy on the members of the Party obtaining access to information shared during private meetings.

The good news in this specific case is that the hacker was not ill-intentioned and ethically disclosed the problem to the Quebec Liberal Party staff allowing it to fix the issue.

The unnamed hacker revealed to the Canadian media that the video conferencing software used by the Quebec Liberal Party contained a security flaw and was not properly configured, the staff used the factory default password.

“A security flaw in the computer systems of the permanence of the Quebec Liberal Party (PLQ) allowed a user to observe and hear the strategy discussions of the party at its premises in Montreal and Quebec City.” reported the Le Journal de Montreal. “According to what we learned, the security breach used to hack the PLQ was the same type as the one that allowed two 14 year olds to hack an ATM of Bank of Montreal last week. That is to say, by entering a single password and commonly used by default.”

To be precise, the Quebec Liberal Party officials did not provide information about the way the hacker breached the system, it is not clear if he exploited the flaw or accessed it through the default password. Also in this second scenario, there are responsibilities of the IT staff of the party that also hasn’t monitored the access to the system.

The hacker logged into the video conferencing application multiple times accessing the Quebec Liberal Party (PLQ) meetings. He told the journalists about some of the topics discussed in the private meetings.

The hacker was able to start the video feed from video conferencing software using its cameras every time he wanted.

Quebec Liberal Party spied by hackers

The PQL spokesman confirmed the security breach, but also added that no sensitive information was leaked neither secret issues were ever discussed in the meetings.

“We take very seriously this information,” commented the director of communications, Maxime Roy. “We already have a team of experts working to understand what happened and plug the computer breach on the most videoconferencing system as quickly as possible,” “For now, the important thing was to secure and understand what happened […] We are working with a supplier.” he added.

The experts investigated the issue for a few days then they fixed the vulnerability and changed the video conferencing software default password.

[adrotate banner=”9″]

Pierluigi Paganini

Security Affairs –  (Quebec Liberal Party ,hacking)