Items tagged with cybersecurity

The US government reported earlier this month that ransomware payments topped $81 million in the first quarter of 2021 alone. This fact is in part the reason why the US government is looking to add new laws to combat ransomware. This also creates an environment where groups like Fin7 find creative ways of recruiting unknowing technology-minded workers to increase its ransomware income. Fin7 has been responsible for exposing over 20 million payment card records, along with various ransomware attacks. The cybercriminal group is believed to be responsible for the recent ransomware attack on Colonial Pipeline back in May that stifled the flow of gasoline in the Southeastern states of the... Read more...
Malware on Windows devices has become a real problem in the last few years, specifically with a recent uptick in ransomware. It appears that Microsoft has been trying to combat this issue, though, with updates to Microsoft Defender, so it has more teeth than ever before. However, what if Microsoft is part of the problem too? On Friday, cybersecurity researcher TheAnalyst explained on Twitter how BazarLoader malware leads to ransomware that can severely affect healthcare, among other industries. He then called out Microsoft, asking if the company has “any responsibility in this when they KNOWINGLY are hosting hundreds of files leading to this,” alongside an image of what appears to... Read more...
A lot of folks buying (legitimate) software are disgruntled about the rise of "software as a service," or SaaS. Proponents claim that the continued payments enable further development of useful applications, while opponents complain that they end up paying far more than they might under a more traditional "buy to own" model. Customers also voice concerns that automatically-updating software might break, or remove useful features. If legitimate customers are frustrated by the SaaS model, one can only imagine how annoying it must be that malware providers have moved to the same sort of system. Last week's "Bloodystealer" trojan is primarily sold that way, and so is REvil, arguably the most notorious... Read more...
T-Mobile is now investigating a massive customer data breach claim that could affect up to 100 million users. The leak, which appeared on a leak and database selling forums on Saturday, claimed to have 30 million unique social security numbers and driver's license information. In the samples provided, it also appears that birthdates, phone numbers, state, and zip codes are included. The asking price for these records began at a whopping 6 Bitcoin (~$277K), but has since dropped to only $200 for everything. After the data was checked, Vice reached out to the alleged data thief, who explained that the data was "T-Mobile USA. Full customer info." It was also mentioned that the remaining 70... Read more...
Not everything has to be high-tech to perform dastardly deeds these days, and the same is true of malware. However, malware can slip by conventional security solutions using some email tricks and social engineering and still infect end-users, as Microsoft reports. This Tuesday, the Microsoft Security Intelligence reported on Twitter that several “active email campaigns that use BazarLoader to deliver a wide range of payloads” are being tracked. These campaigns have been found to use some interesting techniques to get around what Microsoft describes as “conventional email security solutions and best practices.” The first reported campaign is called “BazaCall,”... Read more...
Yesterday, criminal hackers stole approximately $600 million in varying cryptocurrencies from the PolyNetwork, a blockchain interoperability company. Now, in an interesting turn of events, the hackers have begun returning the stolen funds in what was to be one of the biggest cryptocurrency thefts ever. As it stands, cryptocurrencies all have their standalone networks, which means that going between them would be difficult at best. However, PolyNetwork aims to interconnect Bitcoin, Ethereum, and others through smart contracts and interconnections between other crypto chains. Interestingly, malicious hackers were reportedly able to exploit a vulnerability in the EthCrossChainManager contract and... Read more...
Digital security and cyber safety are paramount in an era where people are constantly out to make a quick buck and steal your information. Thus, Norton LifeLock and Avast agreeing to a merger to form a new cyber safety business comes as no surprise in the ever-shifting threat landscape. Announced yesterday, the NortonLifeLock and Avast merger terms have been settled wherein Avast’s shareholders would receive somewhere between $8.1 and $8.6 billion in cash and NortonLifeLock shares. Subsequently, shareholders will have to choose between $7.61 in cash and 0.0302 of the new NortonLifeLock, or $2.37 in cash and 0.1937 of NortonLifeLock stock, which is up nearly 9% since market close on August... Read more...
Ransomware infections have been on the rise lately, affecting companies like Gigabyte or, more famously, Kaseya. Subsequently, the fight against the ransomware plague needs to meet and exceed threat actors’ efforts, and Microsoft is looking to help. In collaboration with the Microsoft Threat Intelligence Center, ransomware detection is being built into the Azure Sentinel security information and event management (SIEM) tool. Azure Sentinel is an AI-assisted tool that analyzes copious amounts of data to detect and investigate threats on-premises and in the cloud. It is also helped by something called Fusion, a machine learning system used to “correlate different alerts and contextual... Read more...
Network Attached Storage (NAS) devices from Synology are being targeted by the StealthWorker Botnet in an ongoing brute-force attack that could lead to ransomware infections. Perhaps we should just drop the “network attached” portion of NAS for now. According to an August 4th report, Synology’s Product Security Incident Response Team (PSIRT) witnessed and received reports on “an increase in brute-force attacks against Synology devices.” While the team believes that these attacks are not using software vulnerabilities, the attacks are still concerning. The botnet behind the brute-force behavior, wherein attackers “leverage a number of already infected... Read more...
Earlier in the month, Tenable security researchers discovered a vulnerability allowing attackers to bypass authentication on millions of routers from 17 different vendors. However, it now appears that threat actors are actively exploiting this to deploy malicious Mirai botnet payloads. Evan Grant of Tenable published research on August 3rd that determined anyone could bypass authentication on devices manufactured by Arcadyan. In short, the problem stems from the router’s handling of URLs, in that it stops checking for bypass attempts as soon as it finds a piece of the URL within a bypass or whitelist. Using Grant’s example, if you wanted to navigate to https://router/images/someimage.png,... Read more...
Earlier in July, the PrintNightmare vulnerability was discovered, wherein a threat actor could exploit the vulnerability to gain system-level access to a device. This was only speculation at first, but that has now changed, as cybersecurity researcher Benjamin Delpy has shown. Since the discovery of PrintNightmare, Delpy has been working to both investigate and exploit it for research purposes. Initially, he reported that he could achieve both remote code execution and local privilege escalation using PrintNightmare on a fully patched server with “Point & Print” enabled. Following that development, Delpy was more recently able to create a web-hosted printer that leveraged the... Read more...
If you want to be stealthy, perhaps not wearing a hot pink suit is a good choice. When it comes to cybersecurity, avoiding computer languages that people have come to know and recognize is a good idea as well. Threat actors have seemingly figured out the latter as some malware has now been built using “exotic” programming languages to better avoid security protections, analysis, and slow the reverse engineering process. As Eric Milam, VP of Threat Research at BlackBerry, explains, “Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies.” This includes adapting to “less prolific programming... Read more...
In the past, there have been some big slip-ups when commentators did not know that they were on-air and began speaking their mind to other people. This seems to have happened again at the Tokyo Olympics when an Italian TV announcer did not realize he was live on-air when he asked for his computer password. Posted to Twitter yesterday by cybersecurity associate professor Stefano Zanero from the Polytechnic University of Milan, the clip has amassed thousands of likes, retweets, and views. In the video during the Turkey-China volleyball game, the announcer asked, in Italian, "Do you know the password for the computer in this commentator booth?" The next time you hear people talking about highly sophisticated... Read more...
Hackers and threat actors are constantly searching for new ways to breach systems for cybersecurity research or exploitation, respectively. Thankfully, French researcher Gilles Lionel got to an NTLM Relay Attack, dubbed PetitPotam, first. Now, Microsoft has released a mitigation technique that IT admins should implement to remain secure. Last week, information about PetitPotam was posted to GitHub by French cybersecurity researcher Gilles Lionel. Lionel found that, through a tool he made, it was possible “to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw function.” In layman’s terms, an attacker could use the program to extract NTLM authentication... Read more...
Whether it’s a typo, a line of code in the wrong place, or a placeholder for testing that never got removed, developers can introduce vulnerabilities into apps that a threat actor could exploit. Android developers seem to have the problem quite a bit, as new research suggested over 60% of Android apps had known security vulnerabilities in Q1 2021. According to data presented by the Atlas VPN team and collected by the Synopsys Cybersecurity Research Center, 63% of Android apps had known vulnerabilities, with an average of 39 vulnerabilities per app. The worst offenders of this 63% were gaming and financial apps, with the apps in the “top free games” category taking 96%... Read more...
Earlier this year, the Colonial Pipeline ransomware incident crippled fuel delivery to the Eastern Seaboard, sending people into a panic and decreasing the supply of gas, if only briefly. Amazingly, this is only the first time something of this scale has happened, but hopefully, it will be the last. The Department of Homeland Security is now requiring owners and operators of critical pipelines to instate "urgently needed protections against cyber intrusions." Cyber defense is a crucial part of the world we live in, as "The lives and livelihoods of the American people depend on our collective ability to protect our Nation's critical infrastructure from evolving threats," explains Secretary of... Read more...
Just on the heels of Microsoft taking on the cyberweapons market and malware found targeting journalists and politicians, a new cyberweapon has been discovered in a similar fashion. Targeting thousands of activists, journalists, and politicians, the piece of malware called Pegasus, from Israeli surveillance company NSO Group, could have been sold to authoritarian governments to monitor anywhere up to 50,000 people. Pegasus is a malware used to infect both iPhones and Androids to, according to NSO Group’s website, “detect and prevent terrorism and crime.” It can be used to steal messages, photos, emails, calls, and secretly record users. However, a recent leak of over 50,000 phone... Read more...
Just as there is a traditional weapons market, a private sector cyberweapons market enables people and organizations to attack anyone worldwide for a fee. However, Microsoft takes this threat of cyberweapons seriously, and is now working to fight the problem head-on. Yesterday, Microsoft's Cristin Goodwin, General Manager for the Digital Security Unit, reported on a cyberweapon being manufactured by a group called Sourgum. This weapon was initially found by the Citizen Lab, at the University of Toronto's Munk School, after being used to attack "more than 100 victims around the world including politicians, human rights activists, journalists, academics, embassy workers and political dissidents."... Read more...
Earlier this year, a vulnerability within Apple’s WebKit for Safari was discovered by Google’s Threat Analysis Group (TAG) and then tracked as CVE-2021-1879. Now, it is reported that this vulnerability was likely exploited by a familiar Russian government-backed threat actor: Nobelium. Yesterday, Google TAG researchers Maddie Stone and Clement Lecigne reported that Nobelium, also known as Cozy Bear or APT29, used “LinkedIn Messaging to target government officials from western European countries by sending them malicious links.” If the victim clicked this link on an iOS device, they would be redirected to an attacker-controlled domain that served next-stage payloads. After... Read more...
It appears that REvil, the threat actor group behind attacks on JBS Global and Kaseya, among others, has gone dark. While this could be a good thing, it may not be worth holding your breath as there are other explanations for REvil “disappearing” in the short term. Prior to the July 4th holiday in the United States, REvil executed an attack on Kaseya, a management software company based out of Florida. This led to upwards of 1,500 businesses downstream having their files encrypted and held for ransom by the threat actor group’s ransomware. With this rise in attacks, the Biden administration has seemingly put cybersecurity as a priority. Less than a day ago, BleepingComputer’s... Read more...
Yesterday, Microsoft reported that it had detected a 0-day remote code execution exploit being used in the wild against SolarWinds’ Serv-U FTP product. The vulnerability that allowed this exploit has since been patched, but it is still disconcerting, nonetheless. Tracked as CVE-2021-35211, the vulnerability reported to SolarWinds by Microsoft resided in Serv-U’s version of the Secure Shell (SSH) protocol, explains Microsoft’s Threat Intelligence Center (MSTIC). If Serv-U’s SSH happened to be exposed to the internet, black hat hackers could exploit the vulnerability, allowing for remote code execution with privileges, leading to malware installations or unwanted data... Read more...
Over the weekend, cybersecurity experts, forensics teams, and white-hat hackers worldwide have been battling the ransomware incident affecting Kaseya VSA customers. Now, the Florida-based IT and remote management company is reporting that fewer than 60 customers and 1,500 downstream companies have been affected by this. But could this all have been prevented in the first place, or did cybersecurity take a backseat? On the evening of July 5th, Kaseya reported that the ransomware attack, which started on July 2nd against its VSA product, had hopefully been contained at this point. So far, there are fewer than 60 direct Kaseya customers affected; however, as many of these companies provide IT services,... Read more...