Items tagged with security

Yesterday, criminal hackers stole approximately $600 million in varying cryptocurrencies from the PolyNetwork, a blockchain interoperability company. Now, in an interesting turn of events, the hackers have begun returning the stolen funds in what was to be one of the biggest cryptocurrency thefts ever. As it stands, cryptocurrencies all have their standalone networks, which means that going between them would be difficult at best. However, PolyNetwork aims to interconnect Bitcoin, Ethereum, and others through smart contracts and interconnections between other crypto chains. Interestingly, malicious hackers were reportedly able to exploit a vulnerability in the EthCrossChainManager contract and... Read more...
Digital security and cyber safety are paramount in an era where people are constantly out to make a quick buck and steal your information. Thus, Norton LifeLock and Avast agreeing to a merger to form a new cyber safety business comes as no surprise in the ever-shifting threat landscape. Announced yesterday, the NortonLifeLock and Avast merger terms have been settled wherein Avast’s shareholders would receive somewhere between $8.1 and $8.6 billion in cash and NortonLifeLock shares. Subsequently, shareholders will have to choose between $7.61 in cash and 0.0302 of a new NortonLifeLock share, or $2.37 in cash and 0.1937 of a NortonLifeLock share, which is up nearly 9% since market close on August... Read more...
Microsoft is pretty confident that it has finally addressed the dreaded PrintNightmare that has been keeping IT admins awake at night. Okay, maybe that is a slight exaggeration. However, the vulnerability within Microsoft's Windows Print Spooler service has definitely been a recurring headache, and is seemingly fixed (knock on wood). The first warning of the PrintNightmare bug came about a month and a half ago. Microsoft explained that remote code execution could occur when the Windows Print Spooler service "improperly performs privileged file operations." If successfully exploited, an attacker could run malicious code on a system with full privileges. Not good. An emergency Windows 10 patch issued... Read more...
Ransomware infections have been on the rise lately, affecting companies like Gigabyte or, more famously, Kaseya. Subsequently, the fight against the ransomware plague needs to meet and exceed threat actors’ efforts, and Microsoft is looking to help. In collaboration with the Microsoft Threat Intelligence Center, ransomware detection is being built into the Azure Sentinel security information and event management (SIEM) tool. Azure Sentinel is an AI-assisted tool that analyzes copious amounts of data to detect and investigate threats on-premises and in the cloud. It is also helped by something called Fusion, a machine learning system used to “correlate different alerts and contextual... Read more...
Network Attached Storage (NAS) devices from Synology are being targeted by the StealthWorker Botnet in an ongoing brute-force attack that could lead to ransomware infections. Perhaps we should just drop the “network attached” portion of NAS for now. According to an August 4th report, Synology’s Product Security Incident Response Team (PSIRT) witnessed and received reports on “an increase in brute-force attacks against Synology devices.” While the team believes that these attacks are not using software vulnerabilities, the attacks are still concerning. The botnet behind the brute-force behavior, wherein attackers “leverage a number of already infected... Read more...
Earlier in the month, Tenable security researchers discovered a vulnerability allowing attackers to bypass authentication on millions of routers from 17 different vendors. However, it now appears that threat actors are actively exploiting this to deploy malicious Mirai botnet payloads. Evan Grant of Tenable published research on August 3rd that determined anyone could bypass authentication on devices manufactured by Arcadyan. In short, the problem stems from the router’s handling of URLs, in that it stops checking for bypass attempts as soon as it finds a piece of the URL within a bypass list or whitelist. Using Grant’s example, if you wanted to navigate to https://router/images/someimage.png,... Read more...
Which do you prefer when browsing the web—raw speed or a combination of security and privacy? Generally speaking, modern browsers deliver the whole kit and caboodle, which is the way it should be. That said, Microsoft is testing a new "Super Duper Secure Mode" for its Edge browser that puts more of an emphasis on the latter. Or to put it another way, an experimental feature in Edge sacrifices a bit of speed to make the browser more secure and to enhance user privacy. It does this by tooling around with the V8 JavaScript engine that motors the Chromium foundation of Edge. Microsoft's reasoning for experimenting in this manner is because "JavaScript engine bugs are a mainstay for attackers."... Read more...
Google is looking to make home security cheaper and easier to set up using wire-free options, smart alerts, and enhanced privacy via a new line of next-generation Nest Cams and Doorbell. With these new products, Google is taking a hard swing at Amazon with its Ring family of products. Google Nest Cam: Kicking things off is the next-generation Nest Cam, an indoor or outdoor camera that comes with a rechargeable battery. This wire-free solution allows you to put the camera wherever you may need it at a moment's notice. From keeping an eye on the kids inside or watching the front door for a delivery while you are away, you can move the camera by simply pulling it off the base and attaching... Read more...
If you want to be stealthy, perhaps not wearing a hot pink suit is a good choice. When it comes to cybersecurity, avoiding computer languages that people have come to know and recognize is a good idea as well. Threat actors have seemingly figured out the latter as some malware has now been built using “exotic” programming languages to better avoid security protections, analysis, and slow the reverse engineering process. As Eric Milam, VP of Threat Research at BlackBerry, explains, “Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies.” This includes adapting to “less prolific programming... Read more...
In the past, there have been some big slip-ups when commentators did not know that they were on-air and began speaking their mind to other people. This seems to have happened again at the Tokyo Olympics when an Italian TV announcer did not realize he was live on-air when he asked for his computer password. Posted to Twitter yesterday by cybersecurity associate professor Stefano Zanero from the Polytechnic University of Milan, the clip has amassed thousands of likes, retweets, and views. In the video during the Turkey-China volleyball game, the announcer asked, in Italian, "Do you know the password for the computer in this commentator booth?" The next time you hear talk of extremely sophisticated... Read more...
Hackers and threat actors are constantly searching for new ways to breach systems for cybersecurity research or exploitation, respectively. Thankfully, French researcher Gilles Lionel got to an NTLM Relay Attack, dubbed PetitPotam, first. Now, Microsoft has released a mitigation technique that IT admins should implement to remain secure. Last week, information about PetitPotam was posted to GitHub by French cybersecurity researcher Gilles Lionel. Lionel found that, through a tool he made, it was possible “to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw function.” In layman’s terms, an attacker could use the program to extract NTLM authentication... Read more...
Microsoft is warning of a vulnerability in both Windows 11 (not yet released, but available in preview form to Windows Insiders) and Windows 10 that could reveal a user's admin password, which in turn could be used to elevate their own system privileges. That's obviously not a good thing, as it would essentially grant the hacker full control of a system. "An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view,... Read more...
Earlier this year, the Colonial Pipeline ransomware incident crippled fuel delivery to the Eastern Seaboard, sending people into a panic and decreasing the supply of gas, if only briefly. Amazingly, this is only the first time something of this scale has happened, but hopefully, it will be the last. The Department of Homeland Security is now requiring owners and operators of critical pipelines to instate "urgently needed protections against cyber intrusions." Cyber defense is a crucial part of the world we live in, as "The lives and livelihoods of the American people depend on our collective ability to protect our Nation's critical infrastructure from evolving threats," explains Secretary of... Read more...
Just as there is a traditional weapons market, a private sector cyberweapons market enables people and organizations to attack anyone worldwide for a fee. However, Microsoft takes this threat of cyberweapons seriously, and is now working to fight the problem head-on. Yesterday, Microsoft's Cristin Goodwin, General Manager for the Digital Security Unit, reported on a cyberweapon being manufactured by a group called Sourgum. This weapon was initially found by the Citizen Lab, at the University of Toronto's Munk School, after being used to attack "more than 100 victims around the world including politicians, human rights activists, journalists, academics, embassy workers and political dissidents."... Read more...
Remember that scene in Office Space where a trio of disgruntled employees take a problematic printer to a field and beat it to a pulp? Anyone who has ever dealt with stubborn printer issues has probably felt that way. It doesn't help that we also have to worry about printer vulnerabilities messing up our day, and to that end, Microsoft has warned of yet another one. The latest printer bug is being tracked as CVE-2021-34481. It has to do with the Windows Print Spooler service, and without a patch in place, a nefarious actor could potentially gain unfettered access to an affected system. At that point, they could install malware, swipe sensitive data, and worst of all, rearrange your carefully aligned... Read more...
Over the past few years, biometric security solutions have been on the rise, replacing the use of traditional passwords on both mobile devices and the PC. Windows Hello is one such implementation. It allows users to near-instantaneously log onto their machines with their face or fingerprint (or a PIN), and is in wide use today. It's also apparently vulnerable to an exploit that could allow an attacker to bypass facial recognition on a Windows PC. Any vulnerability is concerning because of Windows Hello's massive footprint—Microsoft's telemetry suggests the vast majority of Windows 10 users (85 percent) use Windows Hello. Because it is so widely used, security researchers at CyberArk Labs... Read more...
Earlier this year, a vulnerability within Apple’s WebKit for Safari was discovered by Google’s Threat Analysis Group (TAG) and then tracked as CVE-2021-1879. Now, it is reported that this vulnerability was likely exploited by a familiar Russian government-backed threat actor: Nobelium. Yesterday, Google TAG researchers Maddie Stone and Clement Lecigne reported that Nobelium, also known as Cozy Bear or APT29, used “LinkedIn Messaging to target government officials from western European countries by sending them malicious links.” If the victim clicked this link on an iOS device, they would be redirected to an attacker-controlled domain that served next-stage payloads. After... Read more...
After last week's out-of-band update to patch the PrintNightmare vulnerability, Microsoft has now released more vulnerability fixes as part of Patch Tuesday. With this update, the Redmond, Washington-based company knocked out a whopping 117 security issues that garnered a variety of concerns. Patch Tuesday has become something of a holiday (or recurring nightmare) on the second Tuesday of each month for IT administrators, as Microsoft pushes out the latest security updates to its products. For this Patch Tuesday, a rather extensive list including Microsoft Office products, Microsoft networking products, and a swath of Windows products have been given security updates. Many of the vulnerabilities... Read more...
It appears that REvil, the threat actor group behind attacks on JBS Global and Kaseya, among others, has gone dark. While this could be a good thing, it may not be worth holding your breath as there are other explanations for REvil “disappearing” in the short term. Prior to the July 4th holiday in the United States, REvil executed an attack on Kaseya, a management software company based out of Florida. This led to upwards of 1,500 businesses downstream having their files encrypted and held for ransom by the threat actor group’s ransomware. With this rise in attacks, the Biden administration has seemingly put cybersecurity as a priority. Less than a day ago, BleepingComputer’s... Read more...
Yesterday, Microsoft reported that it had detected a 0-day remote code execution exploit being used in the wild against SolarWinds’ Serv-U FTP product. The vulnerability that allowed this exploit has since been patched, but it is still disconcerting, nonetheless. Tracked as CVE-2021-35211, the vulnerability reported to SolarWinds by Microsoft resided in Serv-U’s version of the Secure Shell (SSH) protocol, explains Microsoft’s Threat Intelligence Center (MSTIC). If Serv-U’s SSH happened to be exposed to the internet, black hat hackers could exploit the vulnerability; thus allowing for remote code execution with privileges, leading to malware installations or unwanted data... Read more...
If you are still relying on Apple's discontinued AirPort Time Capsule to back up your data, you may want to seek out an alternative. Otherwise, you could lose all your files to what a data retrieval company is calling a flaw in the physical design, which in the firm's experience, can actually warp the hard disk drive (HDD) inside. The AirPort Time Capsule is a defunct router line that Apple introduced in January 2008. It combined 802.11n wireless connectivity with a "server grade" HDD, with the promise of delivering automatic wireless backups for every Mac in a person's home. Apple initially offered two variants, one with a 500GB HDD for $299 and a 1TB model for $499, then a year later it offered... Read more...
Customers of Kaseya's Vector Signal Analysis (VSA) software are being warned to be on the lookout for phishing emails claiming to offer up a security update, but in reality contain a malicious payload. The phishing campaign is a result of a massive supply chain ransomware attack that spread through software created by the Florida-based IT company. Notorious hacking group REvil was behind the attack, which exploited vulnerabilities in Kaseya's VSA software to distribute ransomware. In the aftermath, Kaseya said the attack affected fewer than 60 customers, though also noted that many of those customers provide IT services to multiple other companies. "We understand that the total impact thus far... Read more...