Items tagged with cybersecurity

Whether it’s a typo, a line of code in the wrong place, or a placeholder for testing that never got removed, developers can introduce vulnerabilities into apps that a threat actor could exploit. It seems Android developers seem to have the problem quite a bit, as new research suggested over 60% of Android apps had known security vulnerabilities in Q1 2021. According to data presented by the Atlas VPN team and collected by the Synopsys Cybersecurity Research Center, 63% of Android apps had known vulnerabilities, with an average of 39 vulnerabilities per app. The worst offenders of this 63% were gaming and financial apps, with the apps in the “top free games” category taking 96%... Read more...
Earlier this year, the Colonial Pipeline ransomware incident crippled fuel delivery to the Eastern Seaboard, sending people into a panic and decreasing the supply of gas, if only briefly. Amazingly, this is only the first time something of this scale has happened, but hopefully, it will be the last. The Department of Homeland Security is now requiring owners and operators of critical pipelines to instate "urgently needed protections against cyber intrusions." Cyber defense is a crucial part of the world we live in, as "The lives and livelihoods of the American people depend on our collective ability to protect our Nation's critical infrastructure from evolving threats," explains Secretary of... Read more...
Just on the heels of Microsoft taking on the cyberweapons market and malware found targeting journalists and politicians, a new cyberweapon has been discovered in a similar fashion. Targeting thousands of activists, journalists, politicians, the piece of malware called Pegasus, from Israeli surveillance company NSO Group, could have been sold to authoritarian governments to monitor anywhere up to 50,000 people. Pegasus is a malware used to infect both iPhones and Androids to, according to NSO Group’s website, “detect and prevent terrorism and crime.” It can be used to steal messages, photos, emails, calls, and secretly record users. However, a recent leak of over 50,000 phone... Read more...
Just as there is a traditional weapons market, a private sector cyberweapons market enables people and organizations to attack anyone worldwide for a fee. However, Microsoft takes this threat of cyberweapons seriously, and is now working to fight the problem head-on. Yesterday, Microsoft's Cristin Goodwin, General Manager for the Digital Security Unit, reported on a cyberweapon being manufactured by a group called Sourgum. This weapon was initially found by the Citizen Lab, at the University of Toronto's Munk School, after being used to attack "more than 100 victims around the world including politicians, human rights activists, journalists, academics, embassy workers and political dissidents."... Read more...
Earlier this year, a vulnerability within Apple’s WebKit for Safari was discovered by Google’s Threat Analysis Group (TAG) and then tracked as CVE-2021-1879. Now, it is reported that this vulnerability was likely exploited by a familiar Russian government-backed threat actor: Nobelium. Yesterday, Google TAG researchers Maddie Stone and Clement Lecigne reported that Nobelium, also known as Cozy Bear or APT29, used “LinkedIn Messaging to target government officials from western European countries by sending them malicious links.” If the victim clicked this link on an iOS device, they would be redirected to an attacker-controlled domain that served next-stage payloads. After... Read more...
It appears that REvil, the threat actor group behind attacks on JBS Global and Kaseya, among others, has gone dark. While this could be a good thing, it may not be worth holding your breath as there are other explanations for REvil “disappearing” in the short term. Prior to the July 4th holiday in the United States, REvil executed an attack on Kaseya, a management software company based out of Florida. This led to upwards of 1,500 businesses downstream having their files encrypted and held for ransom by the threat actor group’s ransomware. With this rise in attacks, the Biden administration has seemingly put cybersecurity as a priority. Less than a day ago, BleepingComputer’s... Read more...
Yesterday, Microsoft reported that it had detected a 0-day remote code execution exploit being used in the wild against SolarWinds’ Serv-U FTP product. The vulnerability that allowed this exploit has since been patched, but it is still disconcerting, nonetheless. Tracked as CVE-2021-35211, the vulnerability reported to SolarWinds by Microsoft resided in Serv-U’s version of the Secure Shell (SSH) protocol, explains Microsoft’s Threat Intelligence Center (MSTIC). If Serv-U’s SSH happened to be exposed to the internet, black hat hackers could exploit the vulnerability; thus allowing for remote code execution with privileges, leading to malware installations or unwanted data... Read more...
Over the weekend, cybersecurity experts, forensics teams, and white-hat hackers worldwide have been battling the ransomware incident affecting Kaseya VSA customers. Now, the Florida-based IT and remote management company is reporting that fewer than 60 customers and 1,500 downstream companies have been affected by this. But could this all have been prevented in the first place, or did cybersecurity take a backseat? On the evening of July 5th, Kaseya reported that the ransomware attack, which started on July 2nd against its VSA product, had hopefully been contained at this point. So far, there are fewer than 60 direct Kaseya customers affected; however, as many of these companies provide IT services,... Read more...
Over the holiday weekend, the popular battle royale game Apex Legends was hacked, but not in the way you may expect. Rather than stealing data, encrypting files, or being generally destructive, the hackers broadcasted a message stating that Respawn Entertainment has not done enough to fight hackers in its first game, Titanfall. Early on July 4th, Apex Legends players of PC began to report that the hackers replaced in-game playlists as well as notifications with complaints about the state of Titanfall. These messages also included a link to SaveTitanfall.com, which further explains that the game, which is still for sale, is “currently unplayable on PC due to hacker(s) using exploits.”... Read more...
Before the holiday weekend got underway, the REvil hacking group kicked off a massive supply chain attack involving remote management software company Kaseya. Based out of Florida, the company only reports that 40 of its remote monitoring tool VSA on-premises customers have been affected by this. However, some of these 40 could be managed service providers who in turn serve hundreds of small businesses, which bloats the number of affected companies upwards of 1,000. This morning, Kaseya provided an update on its progress, explaining that it is working on a plan to restore software-as-a-service server farms while all on-premises VSA servers should remain offline until further notice. Furthermore,... Read more...
Hacking group REvil, which was behind attacks such as those on Acer in early 2021, has returned in force evidently, after approximately 200 U.S. businesses were hit by ransomware overnight. It has been found that the ransomware spread through software created by Florida-based IT company Kaseya in what is another massive supply chain attack. Yesterday, Kaseya reported at 4:00 pm EST that it was "experiencing a potential attack against the VSA," its remote monitoring and management tool. At the time, it was recommended that VSA customers immediately shut down servers until further notice, as the attacker would first disable administrative access to VSA if they managed to breach the system. VSA... Read more...
Over the last couple of days, a vulnerability tracked as CVE-2021-34527 has made the rounds, making IT people quite nervous. The cybersecurity threat, also dubbed PrintNightmare, exploits a flaw within the Windows Print Spooler, allowing for remote code execution on a system. Now, Microsoft has provided mitigation guidance to block these attacks on vulnerable devices around the world. The CVE (common vulnerability enumeration), published yesterday by Microsoft, outlined the vulnerability that recently cropped up affecting the Windows Print Spooler. The executive summary explains that remote code execution can occur when the Windows Print Spooler service “improperly performs privileged file... Read more...
As cybersecurity solutions tighten up and prevent many attacks, threat actors are looking for new and innovative ways to attack systems. This has led to a rise in attacks that start “outside and below the operating system layer,” such as firmware attacks and ransomware attacks through VPN devices or other internet-facing devices, as Microsoft explains. Thus, it is critical to secure software that runs things like routers, as the Redmond-based company has now discovered. Published on the Microsoft Security blog yesterday, the MS365 Defender Research Team was researching device fingerprinting within Microsoft Defender for Endpoint when the team found some interesting activity. Microsoft... Read more...
Last week, hundreds if not thousands of My Book Live customers awoke to their devices being wiped and, in some cases, unrecoverable. At that time, it was simply thought that Western Digital had not patched a critical vulnerability from 2018 that allowed attackers to do this, but it seems there is more to the story than initially thought. On June 23rd, WD Community Forum user sunspeak created a forum post that would ultimately spearhead the community outcry over the wiping of My Book Live devices. There have now been over 46,000 views and 763 replies on that post at the time of writing, some of which have devolved into fighting whether a company can just "end-of-life" (EOL) a product and not support... Read more...
When people are hit by malware, it typically ends with files being locked or some other terrible outcome for the end-user. However, researchers have now discovered a piece of malware that turns the tables on people who try to pirate content by blocking illegal websites. As it turns out, perhaps not all malware is bad… Sophos researcher Andrew Brandt reported yesterday that the mysterious vigilante malware typically came packaged in fake games sent over Discord. However, it could also come bundled with productivity or security tools like "AVG Remediation" or "Microsoft Visual Studio Enterprise 2019." When the fake software is first run, it creates a fake popup saying a dynamically linked... Read more...
Sometimes you may not know that you have been infected with malware until it is too late, as is likely the case for users across more than three million Windows-based computers globally. In a stunning revelation, in the two years between 2018 and 2020, a Trojan-like malware managed to infiltrate millions of Windows devices and extract 1.2 terabytes of personal information. On Wednesday, NordLocker, a subsidiary of NordVPN, released malware research that led to discovering a database of stolen data. The stolen information includes nearly 26 million login credentials with 1.1 million unique email addresses, 2 billion or more cookies, and roughly 6.6 million files. Over 50 percent of the stolen... Read more...
A seven-year-old local privilege escalation bug has reared its head and finally got a fix. When it was available, exploiting the vulnerability in the polkit authentication service could have allowed attackers to get a root shell on several actively-used Linux distros. On Linux, polkit is effectively a bouncer of sorts who decides whether a user is allowed to do something that requires higher privileges. Discovered by security researcher Kevin Backhouse, the polkit bug that allows users to break this security was introduced in a commit that shipped with service version .0113 over seven years ago. To exploit this, it only takes a few terminal commands to create a user that is a member of the sudo-group.... Read more...
The Golden Arches are not so shiny today it seems, as the world's biggest fast-food chain, McDonald's, has been hit by an international data breach. The company reported today that hackers have stolen data containing employee and restaurant information from its South Korean, Taiwanese, and United States markets. Though it is believed that the data was not sensitive nor personal, it still raises concerns for the future. Recently, McDonald's discovered unauthorized activity on an internal security system, which prompted the company to lock things down and cut off access. Following this security incident, external cybersecurity consultants were brought in to investigate and found that indeed... Read more...
Cybersecurity is a hot topic nowadays, with attacks happening frequently like the Colonial Pipeline or JBS Global ransomware attacks. Now, it appears that EA is facing its own issues after hackers allegedly managed to exfiltrate around 780GB of source code, frameworks, and engine tools from the company. Recently, hackers began boasting about their recent EA attack on private hacking forums. In the posts, the hackers explained that they took FIFA 21 source code, Frostbite engine source code and tools, proprietary EA frameworks and software development kits, and code bundles to streamline game development. This adds up to 780GB of data which has gone up for sale on a variety of forums for "Only... Read more...
In May, the biggest fuel provider to the U.S. eastern seaboard was hit with ransomware from Russian hacking group DarkSide. Colonial Pipeline decided to pay the ransom to decrypt some of its files to get back to operational status, but those efforts were hampered by a slow decryption tool offered by the attackers. Thankfully, the U.S. Justice Department reports that it has now recovered much of the multi-million-dollar ransom payment. On May 9th, Colonial Pipeline reported that it needed to shutter its pipeline network, spanning from Texas to New Jersey, due to a security incident. What we later found out to be ransomware effectively paused the 2.5 million barrels of fuel from reaching communities... Read more...
Though industrial cyberattacks, such as those on JBS Global or Colonial Pipeline, are on the rise, the problem is not exclusive to businesses. According to new research, consumer cyber threats jumped nearly 83% in 2020. With new types of malware skyrocketing, users now need to be more careful than ever. Today, Atlas VPN extracted some interesting data from Malwarebytes' State of Malware 2021 report that gives insight into the company's malware detections via software globally. The most commonly detected threat was HackTool, a piece of riskware that allows users to use Microsoft software illegally. In 2019, there were only 511,848 detections, whereas, in 2020, there were 11.35 million warnings,... Read more...
Cybersecurity incidents are on the rise as of late, leaving companies floundering and threat actors perhaps a little richer. The world’s biggest meat processing company JBS has been added to the list, confirming that it recently fell victim to a cyber attack. This appears to have had rippling effects across the industry, but the company is now on the mend. Yesterday, JBS USA released a statement explaining that it had “determined that it was the target of an organised cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems.” In an attempt to counter the malicious actors, the company suspended affected systems, contacted authorities,... Read more...
1 2 3 4 5 Next ... Last