Items tagged with cybersecurity

Yesterday was Microsoft’s routine Patch Tuesday release, which tackled quite a few vulnerabilities, 55 to be exact. Though this may seem like a lot, it is actually the company’s smallest update since 2020, and it still takes care of some big problems, including a rather worrisome wormable vulnerability in the Windows HTTP protocol stack that thankfully has not yet been seen exploited in the wild. Of the 55 fixes, that wormable HTTP protocol-stack vulnerability, tracked as CVE-2021-31166, is the most concerning. It has been given a very high Common Vulnerability Scoring System (CVSS) score of 9.8 out of 10, reflecting how dangerous it would be if exploited... Read more...
Yesterday, we reported on a ransomware attack that targeted Colonial Pipeline and, by association, the eastern seaboard, after the company had to shut off its pipeline network. Now, the FBI has tied the ransomware attack on the fuel company to a newly formed group called “DarkSide,” which had been remarkably quiet about the situation until today. On May 7th, Colonial Pipeline learned that it had been the victim of a cybersecurity incident and “proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations.” Since then, the company has slowly restored services to its customers from Texas through New Jersey. The company’s... Read more...
When on-premises Microsoft Exchange servers were found to be vulnerable to attackers, quite a bit of havoc ensued across a wide range of industries. Since then, the FBI has obtained a court order to remove backdoors from hacked servers, but there are likely many compromised Exchange servers still out there. In recent days, researchers have noticed an uptick in DNS queries, new infrastructure, and new components associated with the Lemon Duck cryptocurrency-mining botnet, which targeted these vulnerable Exchange servers. In March, Microsoft first observed Lemon Duck “adopting different exploit styles and choosing to use a fileless/web shell-less option of direct PowerShell commands” for some... Read more...
Last week, cybersecurity researchers discovered an open Elasticsearch database that exposed an extensive fake Amazon reviews scam ring. The database contained millions of direct messages between Amazon vendors and upwards of 200,000 customers willing to provide fake reviews in exchange for free products. It is presently unknown who owns the database, but it shows the nasty underbelly of some Amazon vendors and online retail. The SafetyDetectives cybersecurity team’s discovery of this Elasticsearch database proved to be incredibly interesting and valuable as it outlined how Amazon vendors went about getting the fake reviews. The team reported that Amazon vendors send to reviewers, or an... Read more...
One of the top U.S. fuel pipeline operators had to shut down its network this weekend due to a nasty ransomware attack, effectively cutting off approximately half of the East Coast’s fuel supply for both air and ground transportation. Though home heating oil prices are not expected to increase as a result, the incident raises concerns about how vulnerable U.S. critical infrastructure is, given how disruptive this attack was. Colonial Pipeline is one of the largest pipeline operators in the United States, with over 5,500 miles of pipe delivering 100 million gallons of fuel across 14 states and directly serving seven airports. The network, which you can see below, spans from New... Read more...
AI is spreading, and not in the creepy sci-fi dystopian kind of way, but by way of programs to help manage large tasks in critical business sectors, such as healthcare, finance, and defense. Now, Microsoft is releasing a tool called Counterfit, an “automation tool for security testing AI systems as an open-source project.” This way, companies will be able to “ensure that the algorithms used in their businesses are robust, reliable, and trustworthy.” As mentioned, AI systems are becoming more prevalent in business, powering many different services. Thus, these systems must be secure from adversaries so that important or confidential information is not lost. However, performing... Read more...
At the start of May, researchers at the University of Virginia announced that current mitigations for the Spectre chip vulnerability could be bypassed entirely, bringing the ghostly security flaw back to life. Intel has now officially responded, stating that software written according to its security guidance protects against these new vulnerabilities. The UVA researchers, however, seem to disagree. The question now is who is right and what needs to happen to protect end users. Here's Intel's full statement on the matter... “Intel reviewed the report and informed researchers that existing mitigations were not being bypassed and that this scenario is addressed... Read more...
Back in 2018, a processor security vulnerability called Spectre appeared, affecting essentially all modern CPUs from Intel, AMD, and even ARM released over the last 20 years. Since then, major players and semiconductor OEMs have worked hard to patch the vulnerabilities in a game of cybersecurity whack-a-mole, in some cases at the cost of performance and other issues. Today, unfortunately, University of Virginia researchers have found a way to circumvent all of the original Spectre security mitigations, essentially resurrecting the ghostly security flaw that will now again haunt billions of PCs globally. Of the vulnerabilities that appeared in 2018, Spectre was the nastier of the two primary... Read more...
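The dispute between Intel and the UVA researchers in the two items above is over software mitigations for the original Spectre variant 1, the bounds-check bypass. As an added illustration, not code from the articles, from Intel, or from the UVA researchers, here is the classic vulnerable pattern next to the two mitigations Intel's guidance describes: a speculation barrier (LFENCE on x86) and index masking, also called bounds clipping. The array names, contents, and sizes are constructed for the demo. The code shows what the mitigations are; whether they hold against the new UVA technique is exactly what the two statements above disagree on.

```c
/* Added example, not code from the article, Intel, or the UVA researchers:
 * the Spectre variant 1 gadget beside the two mitigations Intel's guidance
 * describes, a speculation barrier (LFENCE) and index masking. Array names,
 * contents and sizes are constructed for the demo. */
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__)
#include <immintrin.h>
#define SPECULATION_BARRIER() _mm_lfence()   /* loads after this wait for it */
#elif defined(__aarch64__)
#define SPECULATION_BARRIER() __asm__ __volatile__("dsb sy\n\tisb" ::: "memory")
#else
#define SPECULATION_BARRIER() ((void)0)      /* no barrier known; rely on masking */
#endif

#define TABLE1_SIZE 16
#define CACHE_LINE  64

/* The attacker-indexable array, and the probe array whose cache state would
 * reveal which byte was loaded speculatively. */
static const uint8_t table1[TABLE1_SIZE] = {
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
static uint8_t table2[256 * CACHE_LINE];

/* Fill the probe array so table2[v * CACHE_LINE] == v (demo/test aid). */
void init_probe(void)
{
    for (size_t i = 0; i < sizeof table2; i++)
        table2[i] = (uint8_t)(i / CACHE_LINE);
}

/* Classic gadget: architecturally correct, but while the branch predictor
 * mispredicts the bounds check the CPU may load table1[x] for an x far out
 * of bounds and touch the table2 line selected by that byte. */
uint8_t gadget_unsafe(size_t x)
{
    if (x < TABLE1_SIZE)
        return table2[table1[x] * CACHE_LINE];
    return 0;
}

/* Branch-free mask: all ones when idx < size, else 0. Same idea as the
 * Linux array_index_mask_nospec (cmp/sbb on x86) in portable unsigned C.
 * Assumes idx and size are below 2^(bits-1), true for any real array. */
static inline size_t array_index_mask_nospec(size_t idx, size_t size)
{
    /* idx - size wraps around (top bit set) exactly when idx < size */
    size_t borrow = (idx - size) >> (sizeof(size_t) * CHAR_BIT - 1);
    return (size_t)0 - borrow;          /* 1 -> SIZE_MAX, 0 -> 0 */
}

/* Clamp idx to 0 whenever it is out of range, with no branch to mispredict,
 * so even a speculative path reads inside table1. */
static inline size_t array_index_nospec(size_t idx, size_t size)
{
    return idx & array_index_mask_nospec(idx, size);
}

uint8_t gadget_masked(size_t x)
{
    if (x < TABLE1_SIZE) {
        x = array_index_nospec(x, TABLE1_SIZE);
        return table2[table1[x] * CACHE_LINE];
    }
    return 0;
}

/* Alternative: a fence after the check keeps the dependent loads from
 * issuing until the branch has resolved. Costlier than masking in hot code. */
uint8_t gadget_fenced(size_t x)
{
    if (x < TABLE1_SIZE) {
        SPECULATION_BARRIER();
        return table2[table1[x] * CACHE_LINE];
    }
    return 0;
}

int main(void)
{
    init_probe();
    printf("mask(3,16)=%zx mask(99,16)=%zx\n",
           array_index_mask_nospec(3, 16), array_index_mask_nospec(99, 16));
    printf("in range: unsafe=%u masked=%u fenced=%u\n",
           gadget_unsafe(5), gadget_masked(5), gadget_fenced(5));
    printf("out of range (architectural results): %u %u %u\n",
           gadget_unsafe(1000), gadget_masked(1000), gadget_fenced(1000));
    return 0;
}
```

All three gadgets return the same values when run normally; the difference is only what the CPU may do on the mispredicted path, which is why the effect cannot be observed with ordinary assertions and why the masking variant is checked here by confirming that an out-of-range index is forced to 0.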
If you catch the flu, you may be stuck at home or even bedridden for a few days until you get better. If you catch the FluBot malware, you could be at risk of losing sensitive information, such as banking details and personal information. While this malware campaign has not made it across the pond from Europe yet, it could make its way over while wreaking havoc along the way. In late 2020, an Android-based malware was discovered trying to spread itself and capture credit card data. Regardless of the version, the basis for the malware was phishing people with fake links to track packages using reputable names like FedEx and DHL. Once a user clicked a link, it would direct them to download a legitimate-looking... Read more...
Given how frequently data leaks occur these days, it is a matter of when, not if, your information makes it onto the open web. Cybercriminals are constantly on the prowl for a new way to make a quick buck, and clearly the system is working for them. New data shows that over 5 billion records were lost to leaks through March, with 3.27 billion of them from one massive data set alone. According to data collected by Hackmageddon and compiled by AtlasVPN, the five billion records came from 42 different breaches across January, February, and March. Of those months, January was the busiest with a total of 23 breaches, whereas March was the quietest with... Read more...
From time to time, malware pops up that affects Apple devices, which are typically touted as more secure than other PCs. This happened earlier this year with the mysterious Silver Sparrow malware that infected thousands of M1 Macs. Now, Mac users are being urged to patch again to stop malware that is actively in use and bypasses many of Apple’s core security measures with ease. File Quarantine, Gatekeeper, and application notarization are three mechanisms introduced over the years to help protect users. Together, they effectively mean that Apple must sign off on software before it can run on a Mac. If some software somehow managed to sneak... Read more...
When we hear of ransomware attacks, they usually involve high-value targets, such as the recent attack against Apple supplier Quanta and its $50 million ransom demand. This time, a ransomware gang took a different approach and targeted consumers and small businesses using QNAP devices, encrypting their files. In just five days, the gang collected $260,000 in Bitcoin for unlocking the devices it took hostage. On Monday, a ransomware operation called Qlocker kicked off, exploiting new vulnerabilities in QNAP NAS devices and leaving users to wake up to locked-up files. The gang pulled this off by scanning the web for internet-connected QNAP devices and then locking... Read more...
It does not seem Facebook will be able to catch a break this week after an accidental email revealed the company’s dismissive view of data leakage. The Silicon Valley social media company is facing a possible new leak after a researcher found he could link up to 5 million Facebook accounts to private email addresses daily. On Tuesday, a video made the rounds that showed a researcher, who remains anonymous, demonstrating a tool called “Facebook Email search v1.0.” This person explained to Ars Technica that as many as 5 million emails could be linked to Facebook accounts in a day, even if said emails were private on an account. Interestingly, the only reason we know of this leak... Read more...
This year has seen several cybersecurity incidents, such as the Microsoft Exchange compromises, across numerous industries and government organizations. Now the defense industry appears to be the target of at least two China-linked hacking groups exploiting Pulse Secure VPN appliances from IT company Ivanti. Phil Richard, CSO at Pulse Secure, posted a security update today reporting that the company had been made aware of a new vulnerability in Pulse Connect Secure appliances. The company is working with security firm FireEye, among others, to investigate and respond to the exploitation of the vulnerable appliances. Pulse Secure Is An Ivanti Brand... Read more...
The Microsoft Exchange zero-day vulnerabilities caused quite a bit of havoc across several industries and organizations. Since they were first discovered, patches have been rolling out from Microsoft and urgent orders to patch servers have been trickling down. Clearly, that was not enough, as web shells remained on many systems, allowing continued access to those systems. Subsequently, the U.S. Department of Justice authorized the FBI to remove these web shells and notify the breached organizations in a “successful” operation announced yesterday. From January through March, malicious actors and hacking groups used the Microsoft Exchange vulnerabilities... Read more...
A new set of nine vulnerabilities affecting popular TCP/IP stacks, specifically their Domain Name System (DNS) implementations, was revealed yesterday. According to researchers at Forescout and JSOF, these vulnerabilities, collectively identified as NAME:WRECK, could impact at least 100 million IoT devices, leading to denial of service (DoS) and remote code execution. Forescout reports that the NAME:WRECK vulnerabilities are bugs in the TCP/IP stacks of FreeBSD, Nucleus NET, IPnet, and NetX. These stacks are used in millions of devices, and when paired with the “often external exposure of vulnerable DNS clients,” the attack surface can be quite large. The... Read more...
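The NAME:WRECK bugs center on DNS message compression, the RFC 1035 feature that lets part of a name be replaced by a two-byte pointer to an earlier offset in the same message. As an added example, not code from the article or from any of the stacks named above, here is a bounds-checked name decoder of the kind those stacks got wrong: it refuses labels that run past the message, pointers that jump forward or to themselves, and pointer loops. The sample message bytes, the `dns_name_at` helper, and the 16-hop cap are constructed for this demo.

```c
/* Added example, not from the article or from FreeBSD, Nucleus NET, IPnet
 * or NetX: a bounds-checked decoder for compressed DNS names (RFC 1035).
 * A name is a sequence of length-prefixed labels ending in a zero byte; a
 * byte with the top two bits set begins a 2-byte pointer to an earlier
 * offset. Careless decoders trust the length byte, follow a pointer
 * anywhere, or chase a pointer loop forever. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_MAX_NAME 255   /* RFC 1035 limit on a whole name, root included */
#define DNS_MAX_HOPS 16    /* extra cap on pointer hops; this example's choice */

/* Decode the name at msg[off] into out as dotted text ("www.example.com.").
 * Returns the offset just past the name in the caller's stream (after the
 * first pointer, if one was followed), or -1 for any malformed input. */
int dns_read_name(const uint8_t *msg, size_t msg_len, size_t off,
                  char *out, size_t out_len)
{
    size_t pos = off;      /* current read position; jumps on pointers */
    size_t limit = off;    /* every pointer must land strictly before this */
    size_t end = 0;        /* where the caller's stream resumes */
    size_t written = 0;    /* text bytes in out, excluding the NUL */
    size_t name_len = 0;   /* uncompressed wire length, for the 255 cap */
    unsigned hops = 0;
    int jumped = 0;

    if (out_len < 2 || off >= msg_len)
        return -1;
    out[0] = '\0';

    for (;;) {
        if (pos >= msg_len)                     /* ran off the message */
            return -1;
        uint8_t len = msg[pos];

        if ((len & 0xC0) == 0xC0) {             /* compression pointer */
            if (pos + 1 >= msg_len)             /* truncated pointer */
                return -1;
            size_t target = ((size_t)(len & 0x3F) << 8) | msg[pos + 1];
            if (!jumped) { end = pos + 2; jumped = 1; }
            /* Real compressors only point at names encoded earlier, so a
             * pointer chain moves strictly backwards. Requiring target <
             * limit rejects self-pointers, forward pointers and every loop;
             * the hop cap is a second line of defence. */
            if (target >= limit || ++hops > DNS_MAX_HOPS)
                return -1;
            limit = pos = target;
            continue;
        }
        if (len & 0xC0)                         /* 01/10 prefixes are reserved */
            return -1;
        /* both top bits clear, so len <= 63, the RFC label limit */

        if (len == 0) {                         /* root label: name complete */
            if (!jumped) end = pos + 1;
            if (written == 0) { out[0] = '.'; out[1] = '\0'; }
            return (int)end;
        }

        if (pos + 1 + len > msg_len)            /* label overruns the message */
            return -1;
        name_len += (size_t)len + 1;
        if (name_len + 1 > DNS_MAX_NAME)        /* +1 for the terminating root */
            return -1;
        if (written + len + 2 > out_len)        /* room for label, '.', NUL */
            return -1;
        memcpy(out + written, msg + pos + 1, len);
        written += len;
        out[written++] = '.';
        out[written] = '\0';
        pos += 1 + len;
    }
}

/* Constructed sample (message body only); offsets in comments match the
 * pointers used. 0xC0,0x04 is a pointer to offset 4, and so on. */
static const uint8_t sample_msg[] = {
    /*  0 */ 3,'w','w','w', 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
    /* 17 */ 4,'m','a','i','l', 0xC0,0x04,   /* "mail" + pointer to 4        */
    /* 24 */ 3,'f','t','p', 0xC0,0x11,       /* "ftp" + pointer to 17, 2 hops */
    /* 30 */ 0xC0,0x1E,                      /* pointer to itself: a loop     */
    /* 32 */ 0xC0,0x1C,                      /* pointer to the pointer at 28  */
    /* 34 */ 0x3F,'a','b',                   /* 63-byte label, 2 bytes left   */
};

/* Demo helpers over the sample: decoded text (NULL if rejected) and end offset. */
const char *dns_name_at(size_t off)
{
    static char buf[DNS_MAX_NAME + 2];
    return dns_read_name(sample_msg, sizeof sample_msg, off, buf, sizeof buf) < 0
           ? NULL : buf;
}
int dns_end_at(size_t off)
{
    char buf[DNS_MAX_NAME + 2];
    return dns_read_name(sample_msg, sizeof sample_msg, off, buf, sizeof buf);
}

int main(void)
{
    const size_t offsets[] = { 0, 17, 24, 32, 22, 30, 34, 99 };
    for (size_t i = 0; i < sizeof offsets / sizeof offsets[0]; i++) {
        const char *name = dns_name_at(offsets[i]);
        if (name) printf("offset %2zu -> %-22s resumes at %d\n", offsets[i], name, dns_end_at(offsets[i]));
        else      printf("offset %2zu -> rejected\n", offsets[i]);
    }
    return 0;
}
```

The returned end offset matters as much as the text: a decoder that resumes parsing at the wrong place after a pointer will misread every record that follows, which is how a malformed name corrupts the rest of the message even when no single check fails.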
Information-scraping campaigns seem to be becoming more prevalent, with LinkedIn recently losing data on 500 million users. Facebook faced a similar issue with its phone-contact search feature, which allowed malicious parties to collect over 500 million users' information. Another company, Q Link Wireless, could be facing the same issue due to a misconfigured or poorly designed mobile app that may have leaked sensitive data. Perhaps it is time to take a hard look at what data is public and how users can access it. Q Link Wireless is a low-cost mobile provider that also works with the FCC on the Lifeline program to provide free cell phone service to low-income households. They... Read more...
With everyone using Zoom for both work and school, a vulnerability in the software is especially concerning. This week, researchers competing in a zero-day hunting contest found a bug in Zoom that allowed them to execute code remotely without any action from the target. The find netted the researchers a cash prize and the concern of Zoom customers everywhere. Pwn2Own is a zero-day hunting contest organized by the Zero Day Initiative that brings white-hat hackers together to make software better by finding vulnerabilities. The multi-day event uncovered many issues across various software, but the most interesting one, with potentially the greatest impact, is in Zoom. We're still confirming... Read more...
Late last month, we reported on a trend of rising cybersecurity incidents worldwide that could lead to the end of some businesses. Now, the latest victim is Microsoft-owned GitHub, with reports of cybercriminals leveraging GitHub’s cloud infrastructure to mine cryptocurrency. Since at least the fall of 2020, attackers have been abusing a feature called GitHub Actions, which lets users automate tasks and workflows when an event happens within a repository. Once triggered, GitHub Actions can spin up a VM or a container, typically to test code in a live environment. In a phone call with The Record, Dutch security engineer Justin Perdok explained that “at least one threat actor... Read more...
Security breaches and data loss have been rampant problems for companies in recent years, with a new victim seemingly every week. These security issues have also had some dire consequences, such as the first possible ransomware-related death at a hospital. As such, organizations are facing a harsh reality, with decisions that could make or break them. Technology research company Canalys released its analysis of cybersecurity incidents today, and it dropped a bombshell: “more records were compromised in just 12 months than in the previous 15 years combined.” Companies lost approximately 61 million records each on average, with the loss from public sources totaling... Read more...
Cell phones are a necessity in day-to-day life, providing communications and access to numerous websites and accounts. Thus, losing access to a phone or its text messages could be as bad as, if not worse than, losing a credit card. Even more concerning is a hacker intercepting texts without the phone's owner knowing, and that was entirely possible with $16 and some knowledge of a target. Now, cell carriers must shake things up to prevent this from happening again. Earlier this month, Vice's Joseph Cox reported that a hacker had "swiftly, stealthily, and largely effortlessly redirected [Cox's] text messages to themselves," gaining access to apps such as Bumble, Postmates,... Read more...
Black-hat hackers, or simply cybercriminals, can be effective at stealing, leaking, or encrypting data in efforts to extort money from organizations. With the disclosure of the ProxyLogon vulnerabilities in Microsoft Exchange servers, attackers are taking advantage of the situation and may ramp up attacks in the coming weeks. Earlier this week, we reported on BlackKingdom attempting to encrypt files on vulnerable Exchange servers, and they are at it again. Yesterday, Microsoft Senior Threat Intelligence Analyst Kevin Beaumont reported that BlackKingdom ransomware had, in fact, encrypted files on his honeypot servers. What the criminals failed to do is exclude system-critical files, so when the... Read more...