Items tagged with cybersecurity

Typically, ransomware attacks that are seemingly on the increase around the globe are the cause of financial loss and lack of productivity. However, a ransomware attack on a hospital in Germany has reportedly led to the first known death indirectly attributed to such attacks. German authorities are currently investigating a death following the ransomware attack on Düsseldorf University Hospital. Today, German media reported on the closure of the hospital’s emergency room due to the ransomware attack. As it was closed, a woman in need of emergency medical attention was turned away and subsequently succumbed to her illness. Alongside this tragic event, the hospital has not been able... Read more...
Digital security advisors and researchers at Secura have discovered a highly critical vulnerability in Active Directory domain controllers. Rated 10 out of 10 on the Common Vulnerability Scoring System (CVSS), this exploit, dubbed Zerologon, allows nefarious people to take over the domain controller and execute privilege escalations. The Zerologon exploit takes advantage of how the Netlogon Remote Protocol works. Typically, this protocol is used for machine and user authentication, as well as updating passwords within a domain. To utilize this exploit, one only needs to set up a TCP connection to the domain controller (DC) and can then spoof a client from there. This client spoofing works... Read more...
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning about a growing threat from criminals seeking to take advantage of people working from home and using a VPN or virtual private network. Apparently there's a growing threat from voice call phishing or "vishing" attacks targeting corporate VPNs. One known service that was discovered allows people to hire a criminal ring with the goal of stealing VPN credentials, and other sensitive data from employees who are working remotely. The security alert issued says that in mid-July 2020, cybercriminals began vishing campaigns aiming to gain access to employee tools at multiple companies, and ultimately to monetize... Read more...
It is rather rare to be able to peek behind the scenes for a look at how a state-sponsored threat group operates. However, a recent mistake has provided security researchers with information about the methods of the group referred to as “ITG18.” The security researchers discovered training videos that were accidentally uploaded by the Iranian hackers to an unprotected server. The video footage reveals some of the hackers’ techniques and their preferred targets. ITG18 is an Iranian state-sponsored threat group. They are also referred to as APT35 or Charming Kitten by other security researchers. The group uploaded more than 40 gigabytes of data onto an unprotected server back... Read more...
Security researchers at Sophos have been investigating a pair of ransomware attacks where the attackers used a legitimate, digitally signed hardware driver to delete security products from targeted computers. Once the security products were deleted from the target machines, the destructive file encryption portion of the attack was launched. The signed driver that was used is part of a deprecated software package from Gigabyte, a mainboard and computer hardware manufacturer. The software had a known vulnerability tracked as CVE-2018-19320. The vulnerability, along with proof-of-concept code, was published in 2018. At the time, Gigabyte denied that the vulnerability impacted its products. Later it... Read more...
On March 5th, 2019, an unprecedented Denial of Service (DoS) cyberattack occurred on American soil, targeted at the US power grid. This attack mainly affected the Western United States and was, fortunately, a low-impact attack. No blackouts were caused, and the machines in question were out of commission for no more than five minutes, according to the North American Electric Reliability Corp, or NERC. Even so, this leaves a historical mark on American infrastructure, and clearly demonstrates the dangers of increased connectivity. A simple firewall vulnerability was enough to cause multiple devices to be compromised and rebooted from a single point of failure. While the impact this time around... Read more...
Facebook must once again deal with the repercussions of a major security blunder. An exposed server recently published more than 419 million phone numbers and Facebook IDs. At least 133 million of those phone numbers were based in the United States. Anyone could have accessed the information before the server was finally taken down. Security researcher Sanyam Jain was the first to find the exposed server. The server was not owned by Facebook, but still contained users’ Facebook IDs and phone numbers. A Facebook ID is a public number that is associated with an account. The number often contains portions of a person’s Facebook name and it is not difficult to determine the owner of the... Read more...
Hacks are happening all the time, with some giving information on user accounts like the Flipboard hack we talked about recently. Other hacks are much grander in scale, like the attack against the city of Baltimore that resulted in most of the city's systems being locked out. Another significant hack has happened, and this one is a hack of a hotel management company that backs some of the largest hotel chains in the world. The hotel management company in question is Pyramid Hotel Group, and it manages many Marriott locations. The company had a server that left an unsecured database containing security logs that could give nefarious types an idea about cybersecurity weaknesses of the hotels. The... Read more...
It feels like we hear about a new cybersecurity attack nearly every day. Hackers use phishing, keylogging, and targeted attacks to gain access to sensitive information. Is there anything we can do to prevent what appears to be the inevitable? According to a recent study by Google, basic account hygiene can greatly reduce hijacking. Google conducted a year-long study alongside researchers from New York University and the University of California, San Diego. They studied wide-scale attacks and presented their findings at the Web Conference in San Francisco. The purpose of the study was to determine whether basic security measures could truly decrease the success rate of hackers. The study determined... Read more...
The United States and People’s Republic of China have been engaged in a trade war for the last few years. The US is reportedly about to take this battle to the next level. President Trump will likely sign an executive order this week that would prohibit telecommunications companies from using equipment from companies such as Huawei. Three anonymous officials insisted that an upcoming executive order would ban telecommunications providers from using products from other companies that have been deemed a threat to national security. It is no secret that the United States believes that Chinese telecommunications company Huawei is a threat. The Central Intelligence Agency (CIA) recently confirmed... Read more...
There are few things more annoying in the modern world than having to change your password every few months. Experts have long argued that password reset rules do little to actually promote security. Microsoft is the latest company to propose dropping password expiration policies. Aaron Margosis, the Principal Consultant with Microsoft Public Sector Services, recently remarked that, “periodic password expiration is an ancient and obsolete mitigation of very low value.” Margosis first noted that the amount of time between password changes is ridiculously long. If a password has been stolen, then the account password needs to be changed immediately. A 60-90 day interval will not prevent... Read more...
Typically when we talk about malware, we are talking about malicious code that is hidden inside software to try and take advantage of end users. An example is malware that was hiding aboard a fake Adobe Flash update that was designed to install cryptocurrency mining software or other nefarious payloads. Earlier this month, another piece of malware making the rounds was able to steal PayPal account balances despite users having two-factor authentication enabled. Today, new malware has been identified, and this one isn't attacking end users; it's attacking major newspapers around the U.S., underscoring new areas of concern with respect to IT security. The Los Angeles Times has confirmed a malware attack... Read more...
Two-factor authentication (2FA) is usually touted as an effective layer of security for online accounts. Many people have recently learned the hard way that this method may not be as helpful as it seems. Hackers have targeted nearly 1,000 Google and Yahoo accounts by bypassing two-factor authentication. Amnesty International, a non-profit group, recently published a report that documented the phishing attacks. The attacks have specifically targeted journalists and activists in the Middle East and North Africa in 2017 and 2018. Amnesty International believes that the hackers are based in Persian Gulf countries. How does the attack work? First, the attackers sent out convincing “security alerts”... Read more...
The United States is currently trying to persuade its allies to ban all Huawei devices. Government officials are concerned that Huawei and other Chinese telecommunication companies are a cybersecurity threat. The United States fears that the devices could be used to spy on users and could be easily controlled by the Chinese intelligence agencies. This past August, President Trump attempted to prohibit government use of devices from Huawei and fellow Chinese telecommunications company ZTE. Australia quickly followed in the United States’ footsteps and banned both companies from supplying 5G technology. The United States is now particularly concerned that these devices could be used against... Read more...
There have been many concerns over the last few years that foreign entities have been interfering in elections. Microsoft is launching its AccountGuard initiative to protect elections and political campaigns from cyberattacks. AccountGuard is a free program for candidates, campaign offices, and other political institutions that already use Office 365, and it covers both personal and organizational accounts. Microsoft will notify the person or organizations if their accounts are threatened, will offer security advice and training, and will allow their customers to adopt previews of new programs. Microsoft believes that AccountGuard is particularly relevant in light of their recent entanglement... Read more...
Equifax may now be getting its public lashings for a cybersecurity breach that resulted in personal information of 143 million Americans being exposed to hackers, but it appears that the Securities and Exchange Commission (SEC) has a few skeletons in its closet as well. The regulatory agency announced late last night that its EDGAR database was hacked last year. At the time, the SEC did not make any public disclosures regarding the hack, which took advantage of a vulnerability in the EDGAR test filing system. However, once it discovered the intrusion, it quickly patched it and went about its normal activities. However, in August 2017, the SEC noticed that the prior EDGAR infiltration might... Read more...
This could be the mother of all cyberattacks; Equifax just announced that it experienced a "cybersecurity incident" that occurred between mid-May of this year through late July. During that time, malicious parties were able to gain access to some of its online databases courtesy of a website vulnerability. As a result, over 143 million -- yes, MILLION -- U.S. consumers are affected by the data breach. We're not just talking about names and birth dates (yes, those were included), but also Social Security numbers. In some cases, even driver license numbers were obtained by the hackers. And that's not all; dispute documents with "personal identifying information" of 182,000 customers were accessed... Read more...
  The United Kingdom is basking in the glory of its latest warship: the HMS Queen Elizabeth. The 65,000-ton aircraft carrier cost nearly $4 billion to construct and began its first sea trials on Monday. But the carrier’s big budget price tag isn’t the only thing that is raising eyebrows; it is the British Royal Navy’s decision to allow critical systems on the ship to be powered by Microsoft’s ancient Windows XP operating system. Windows XP was first released to the public in 2001, and commercial support for the operating system ended in 2014. However, many businesses and militaries around the globe still use Windows XP to this day even though newer operating systems like Windows 7, Windows... Read more...
In what is being billed as one of the largest data leaks recorded in the United States, an analytics firm contracted by the Republican National Committee (RNC) was found to have exposed the personal details and political biases of nearly 200 million Americans. According to Chris Vickery, a risk analyst for cybersecurity firm UpGuard, the information was left exposed on the internet due to a “misconfigured database” using Amazon Web Services for server storage. The firm responsible for this serious lapse in security was Deep Root Analytics. Over 1.1 terabytes of data was made publicly available via the internet for twelve whole days (it wasn’t password protected). During that time, anyone could... Read more...
Do we need a “digital” Geneva Convention? Microsoft certainly thinks so. The corporation’s Chief Legal Officer Brad Smith recently argued that a digital Geneva Convention would potentially be able to protect civilians from state-sponsored cyber-warfare. First, what is the Geneva Convention? The Geneva Convention is comprised of four treaties and three protocols that outline the international law for humanitarian treatment in war. One of the main purposes of the Geneva Convention is to protect civilians, soldiers incapable of fighting, and prisoners of war. Smith noted that 74 percent of businesses expect to be hacked this year, and the estimated loss from cybercrime will be $3 trillion USD by... Read more...
What do you collect? Rare stamps? Falcons fans’ tears? How about classified national defense documents? Former National Security Agency (NSA) contractor Harold Thomas Martin III was recently indicted by a federal grand jury on the charge that he purposely collected classified information regarding national defense. He faces twenty criminal counts, each punishable by up to 10 years in prison. Rod J. Rosenstein, the United States attorney for Maryland, remarked, “The indictment alleges that for as long as two decades, Harold Martin flagrantly abused the trust placed in him by the government by stealing documents containing highly classified information.” Martin spent over twenty years hoarding... Read more...
The White House recently appointed Gregory Touhill, a retired U.S. Air Force brigadier general, as the government’s first federal cyber security chief. The position was announced eight months ago as an attempt to prevent and defend against hackers. The position is part of a $19 billion “cyber security national action plan”. Touhill will be responsible for creating and implementing new cyber security plans as well as conducting audits. He will report to Tony Scott, the federal chief information officer and former executive at business software company VMware. Touhill could potentially be replaced when the next president is sworn in, because the position is a political one. President Obama at a cybersecurity... Read more...