Items tagged with security

Customers of Kaseya's VSA (Virtual System Administrator) remote monitoring and management software are being warned to be on the lookout for phishing emails that claim to offer a security update but in reality carry a malicious payload. The phishing campaign follows the massive supply chain ransomware attack that spread through software created by the Florida-based IT company. The notorious REvil group was behind the attack, which exploited vulnerabilities in Kaseya's VSA software to distribute ransomware. In the aftermath, Kaseya said the attack affected fewer than 60 customers, though it also noted that many of those customers provide IT services to multiple other companies. "We understand that the total impact thus far... Read more...
As if fussing with a printer is not maddening enough, a recently disclosed Windows Print Spooler vulnerability, dubbed 'PrintNightmare', left systems open to remote code execution attacks. Not cool. Fortunately, Microsoft has made rather quick work of rolling out an out-of-band patch, which is being sent out via Windows Update (or you can grab it manually). Out-of-band patches for Windows are somewhat on the rare side, though they do happen on occasion. Normally, Microsoft packages up cumulative updates and dishes them out on the second Tuesday of every month, otherwise known as Patch Tuesday. Sometimes, however, problems or exploits arise that simply can't wait. This is one of them. Published as CVE-2021-34527,... Read more...
Over the weekend, cybersecurity experts, forensics teams, and white-hat hackers worldwide have been battling the ransomware incident affecting Kaseya VSA customers. Now, the Florida-based IT and remote management company is reporting that fewer than 60 customers and 1,500 downstream companies have been affected by this. But could this all have been prevented in the first place, or did cybersecurity take a backseat? On the evening of July 5th, Kaseya reported that the ransomware attack, which started on July 2nd against its VSA product, had hopefully been contained at this point. So far, there are fewer than 60 direct Kaseya customers affected; however, as many of these companies provide IT services,... Read more...
Audacity sparked quite the firestorm over the weekend after the scope of changes to its privacy policy were revealed to the broader public. The changes came after Audacity was acquired by Muse Group earlier this year. Some of the key sticking points that alarmed users of the audio editing program were that while customer data is hosted primarily in the European Economic Area (EEA), it could "occasionally" be shared with Audacity's main office in Russia (and the United States). In addition, Muse Group explained that customer data could be shared with "any competent law enforcement body, regulatory, government agency, court, or other third-party." Audacity currently has amassed over 100 million... Read more...
Over the holiday weekend, the popular battle royale game Apex Legends was hacked, but not in the way you may expect. Rather than stealing data, encrypting files, or being generally destructive, the hackers broadcast a message stating that Respawn Entertainment has not done enough to fight hackers in its first game, Titanfall. Early on July 4th, Apex Legends players on PC began to report that the hackers had replaced in-game playlists as well as notifications with complaints about the state of Titanfall. These messages also included a link to SaveTitanfall.com, which further explains that the game, which is still for sale, is “currently unplayable on PC due to hacker(s) using exploits.”... Read more...
For the past two decades, Audacity has built and maintained a following as a capable and free audio editing program. Being a no-cost solution is a big draw, and so are a couple of other attributes—it's an open source program, and available on multiple platforms (Windows, macOS, GNU/Linux). Some users are starting to sour on it, however, accusing the new owner of turning it into a spyware vehicle of sorts. Audacity changed hands in April when it was acquired by Muse Group for an undisclosed sum. At the time, Martin Keary, head of design at MuseScore, an open source notation program owned by Muse Group as well, offered up some encouraging comments about the deal. Keary is the one who is now... Read more...
Do you know what would be great? If Apple would stop dragging its feet on a weird bug in iOS that makes it possible to disable an iPhone's ability to connect to a Wi-Fi network. The same presumably goes for iPad devices. The problem lies with SSIDs that contain certain characters—if you connect to one with your iPhone, it could kill your Wi-Fi, possibly requiring a factory restore to get it back. This came to light last month when security researcher and reverse engineer Carl Schou found that joining a network with the SSID set to %p%s%s%s%s%n would disable the device's Wi-Fi. In some cases, however, it seems the issue could be resolved by resetting the phone's network settings,... Read more...
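The SSID above, %p%s%s%s%s%n, is a string of C printf-style conversion directives, which is why it is widely read as a format-string bug: attacker-controlled text being passed where a fixed format string belongs. The following is an added example, not code from the article or from Apple, and it assumes that class of bug rather than confirming Apple's actual root cause. It shows the hardened logging pattern (fixed format literal, SSID passed as a %s argument) and a small pre-check that flags network names carrying directives; the sample SSIDs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not from the article or Apple). A name that arrives off the
 * air, such as a Wi-Fi SSID, must never be handed to the printf family as the
 * FORMAT argument. That "%p%s%s%s%s%n" is a classic C format-string probe is
 * fact; that Apple's bug is exactly this class is an assumption of this file. */

/* Returns 1 if the SSID contains a '%' that printf-style code would treat as
 * the start of a conversion directive, 0 otherwise. A defensive pre-check only;
 * the real fix is never using attacker-controlled text as a format string. */
int ssid_has_format_directive(const char *ssid)
{
    return strchr(ssid, '%') != NULL;
}

/* VULNERABLE pattern (kept as a comment, deliberately never executed):
 *
 *     snprintf(out, n, ssid);        // the SSID itself is the format string
 *
 * With "%p%s%s%s%s%n" each %s dereferences whatever happens to sit in the
 * variadic argument slots and %n WRITES a count to memory: a crash at best. */

/* Hardened: the format string is a compile-time literal and the SSID is passed
 * as a %s argument, so its bytes are copied verbatim and never interpreted.
 * Returns snprintf's result (characters that would have been written). */
int log_join_safe(const char *ssid, char *out, size_t n)
{
    return snprintf(out, n, "Joining network: %s", ssid);
}

int main(void)
{
    /* Constructed sample SSIDs: one benign, one carrying format directives. */
    const char *ssids[] = { "HomeWiFi", "%p%s%s%s%s%n" };
    char line[128];

    for (size_t i = 0; i < sizeof ssids / sizeof ssids[0]; i++) {
        log_join_safe(ssids[i], line, sizeof line);
        printf("%s  [suspicious=%d]\n", line,
               ssid_has_format_directive(ssids[i]));
    }
    return 0;
}
```

The pre-check is useful as a detection or logging hint (flag a join attempt that looks like a probe), but it is not a mitigation on its own: any code path that still treats the SSID as a format string remains exploitable by a name that slips past the check.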
On July 4th, we reported that the developing Kaseya ransomware incident might be much worse than initially thought. While it is still unclear exactly how many victims and encrypted devices there are, it was apparent that this is a wide-reaching international incident. We also noted that REvil, the Russia-linked hacking group, had not mentioned the situation on its blog, until now. Late in the evening on July 4th, after much speculation, REvil made a blog post about its Kaseya attack. The group claimed that the attack launched on July 2nd has since encrypted “more than a million systems.” However, it seems that this ransomware event is being treated differently than most,... Read more...
Before the holiday weekend got underway, the REvil hacking group kicked off a massive supply chain attack involving remote management software company Kaseya. The Florida-based company reports that only about 40 of its on-premises VSA customers have been affected. However, some of those 40 are managed service providers who in turn serve hundreds of small businesses, which pushes the number of affected companies upwards of 1,000. This morning, Kaseya provided an update on its progress, explaining that it is working on a plan to restore its software-as-a-service server farms, while all on-premises VSA servers should remain offline until further notice. Furthermore,... Read more...
Hopefully you are not one of the millions of people who have installed an app called PIP Photo onto your Android device. Why is that? While it may seem like a harmless and handy image editing app, it contains malware designed to covertly swipe a person's Facebook login credentials. The same goes for a handful of other Android apps. Each of the nine malicious apps discovered by researchers at Doctor Web contains a trojan that gets to work trying to trick users into coughing up their Facebook usernames and passwords. What makes the apps potentially effective is that they otherwise work as intended and expected. "The applications were fully functional, which was supposed to weaken the vigilance of... Read more...
Hacking group REvil, which was behind attacks such as the one on Acer in early 2021, has evidently returned in force after approximately 200 U.S. businesses were hit by ransomware overnight. The ransomware spread through software created by Florida-based IT company Kaseya in what is another massive supply chain attack. Yesterday at 4:00 pm EST, Kaseya reported that it was "experiencing a potential attack against the VSA," its remote monitoring and management tool. At the time, VSA customers were advised to shut down their servers immediately until further notice, because the attacker's first move after breaching a system was to disable administrative access to VSA. VSA... Read more...
Just last week, many Western Digital My Book Live owners lamented the fact that their personal cloud was being attacked and wiped remotely. Those storage devices were older and hadn't been supported since 2015. As a result, those NAS products proved to be a lesson in not putting unsecured and unpatched devices on your network. Much more alarming is another zero-day bug, this time in WD's current My Cloud lineup: any supported device that hasn't already been updated is vulnerable. Before we go any further, it's worth noting that WD has fixed the issue in My Cloud OS 5. Owners of My Cloud devices should immediately ensure that their drives are fully updated to the latest,... Read more...
As cybersecurity solutions tighten up and prevent many attacks, threat actors are looking for new and innovative ways to attack systems. This has led to a rise in attacks that start “outside and below the operating system layer,” such as firmware attacks and ransomware attacks through VPN devices or other internet-facing devices, as Microsoft explains. Thus, it is critical to secure the firmware that runs devices like routers, as the Redmond-based company's latest findings show. In a post published on the Microsoft Security blog yesterday, the MS365 Defender Research Team described how, while researching device fingerprinting within Microsoft Defender for Endpoint, it found some interesting activity. Microsoft... Read more...
If you have been on the internet for any length of time, there is a pretty good chance that at least some of your personal information is out there in a database. However, if you happen to use LinkedIn, those odds have now gone up significantly. Malicious actors have managed to scrape information such as phone numbers and email addresses for millions of accounts from the business networking site and are now selling it online. On June 22nd, "GOD USER" TomLiner posted to the popular hacking and leak trading site RaidForums, explaining that he had collected 700 million LinkedIn records from this year. These records have been verified to include full user names, birthdays, social media handles, email addresses,... Read more...
Last week, hundreds if not thousands of My Book Live customers awoke to their devices being wiped and, in some cases, unrecoverable. At the time, it was simply thought that Western Digital had not patched a critical vulnerability from 2018 that allowed attackers to do this, but it seems there is more to the story than initially thought. On June 23rd, WD Community Forum user sunspeak created a forum post that would ultimately spearhead the community outcry over the wiping of My Book Live devices. At the time of writing, that post has over 46,000 views and 763 replies, some of which have devolved into arguments over whether a company can simply "end-of-life" (EOL) a product and not support... Read more...
Ensuring accounts are secure is an important part of being online, as there are always people out to try and get you. This is especially true for app developers who may be targeted for the data they do or could possess. Thus, Google is introducing new security measures for developers to help strengthen accounts and better understand their needs. The first new security measure Google is implementing is new identification requirements when creating a new Google Play dev account. As of now, Google only asks for an email address and phone number; however, this update will add account type, contact name, physical address and will also require users to verify their email and phone number. This information,... Read more...
The devastating security breach publisher Electronic Arts disclosed earlier this month may have been worse than initially thought. Not in terms of the scope of how much data was stolen (which is a lot), but in regards to EA possibly having prior knowledge that its systems were at risk, and allegedly choosing not to take appropriate measures that could have prevented the breach. Let's back up for a moment. A couple of weeks ago, hackers began bragging on private hacking forums that they infiltrated EA's servers and swiped a massive amount of data—around 780GB of source code, proprietary frameworks, software development kits, and engine tools. The stolen data was made available for sale.... Read more...
As it goes, crime never pays, and neither does pirating software, as some people on the internet have come to find out. In the last year, there have been reports that popular antivirus programs, like Avast, disappeared from users’ computers. Researchers at the Czech company found that this activity was tied to a new malware called “Crackonosh,” which comes bundled with illegally downloaded copies of popular software. Among many other people, Reddit user /u/Well-oh-well reported that a new Windows 10 laptop booted with an error, restarted, and then came back as normal. After that, however, the “Avast Antivirus shortcut icon was blank and sure enough the avast folder in... Read more...
Security researchers have sounded the alarm on four BIOS vulnerabilities affecting 129 different Dell models, including various laptop and desktop systems, as well as some tablets. In total, it is estimated that around 30 million Dell systems are susceptible to the vulnerabilities and should be patched right away. Fortunately, Dell has issued updates for all affected models. If left unpatched, an attacker could execute malicious code without having physical access to a system, and it would run in the pre-boot environment. This is how firmware-level rootkits (bootkits) operate—they implant themselves in the BIOS, so if a user wipes their system clean with a fresh OS install, or even swaps out the physical drive (SSD or... Read more...
When people are hit by malware, it typically ends with files being locked or some other terrible outcome for the end-user. However, researchers have now discovered a piece of malware that turns the tables on people who try to pirate content by blocking illegal websites. As it turns out, perhaps not all malware is bad… Sophos researcher Andrew Brandt reported yesterday that the mysterious vigilante malware typically came packaged in fake games sent over Discord. However, it could also come bundled with productivity or security tools like "AVG Remediation" or "Microsoft Visual Studio Enterprise 2019." When the fake software is first run, it creates a fake popup saying a dynamically linked... Read more...
Sometimes you may not know that you have been infected with malware until it is too late, as is likely the case for users across more than three million Windows-based computers globally. In a stunning revelation, in the two years between 2018 and 2020, a Trojan-like malware managed to infiltrate millions of Windows devices and extract 1.2 terabytes of personal information. On Wednesday, NordLocker, a subsidiary of NordVPN, released malware research that led to discovering a database of stolen data. The stolen information includes nearly 26 million login credentials with 1.1 million unique email addresses, 2 billion or more cookies, and roughly 6.6 million files. Over 50 percent of the stolen... Read more...
A seven-year-old local privilege escalation bug has reared its head and finally got a fix. Until the fix landed, exploiting the vulnerability in the polkit authentication service could have allowed attackers to get a root shell on several actively-used Linux distros. On Linux, polkit is effectively a bouncer of sorts that decides whether a user is allowed to do something requiring higher privileges. Discovered by security researcher Kevin Backhouse, the polkit bug that lets users bypass this check was introduced in a commit that shipped with polkit version 0.113 over seven years ago. Exploiting it takes only a few terminal commands to create a user that is a member of the sudo group.... Read more...