Items tagged with cybersecurity
Over the last couple of days, a vulnerability tracked as CVE-2021-34527 has made the rounds, making IT people quite nervous. The cybersecurity threat, also dubbed PrintNightmare, exploits a flaw within the Windows Print Spooler, allowing for remote code execution on a system. Now, Microsoft has provided mitigation guidance to block these attacks on vulnerable devices around the world. The CVE (common vulnerability enumeration), published yesterday by Microsoft, outlined the vulnerability that recently cropped up affecting the Windows Print Spooler. The executive summary explains that remote code execution can occur when the Windows Print Spooler service “improperly performs privileged file...
Read more...
As cybersecurity solutions tighten up and prevent many attacks, threat actors are looking for new and innovative ways to attack systems. This has led to a rise in attacks that start “outside and below the operating system layer,” such as firmware attacks and ransomware attacks through VPN devices or other internet-facing devices, as Microsoft explains. Thus, it is critical to secure software that runs things like routers, as the Redmond-based company has now discovered. Published on the Microsoft Security blog yesterday, the MS365 Defender Research Team was researching device fingerprinting within Microsoft Defender for Endpoint when the team found some interesting activity. Microsoft...
Read more...
Last week, hundreds if not thousands of My Book Live customers awoke to their devices being wiped and, in some cases, unrecoverable. At that time, it was simply thought that Western Digital had not patched a critical vulnerability from 2018 that allowed attackers to do this, but it seems there is more to the story than initially thought. On June 23rd, WD Community Forum user sunspeak created a forum post that would ultimately spearhead the community outcry over the wiping of My Book Live devices. There have now been over 46,000 views and 763 replies on that post at the time of writing, some of which have devolved into fighting whether a company can just "end-of-life" (EOL) a product and not support...
Read more...
When people are hit by malware, it typically ends with files being locked or some other terrible outcome for the end-user. However, researchers have now discovered a piece of malware that turns the tables on people who try to pirate content by blocking illegal websites. As it turns out, perhaps not all malware is bad… Sophos researcher Andrew Brandt reported yesterday that the mysterious vigilante malware typically came packaged in fake games sent over Discord. However, it could also come bundled with productivity or security tools like "AVG Remediation" or "Microsoft Visual Studio Enterprise 2019." When the fake software is first run, it creates a fake popup saying a dynamically linked...
Read more...
Sometimes you may not know that you have been infected with malware until it is too late, as is likely the case for users across more than three million Windows-based computers globally. In a stunning revelation, in the two years between 2018 and 2020, a Trojan-like malware managed to infiltrate millions of Windows devices and extract 1.2 terabytes of personal information. On Wednesday, NordLocker, a subsidiary of NordVPN, released malware research that led to discovering a database of stolen data. The stolen information includes nearly 26 million login credentials with 1.1 million unique email addresses, 2 billion or more cookies, and roughly 6.6 million files. Over 50 percent of the stolen...
Read more...
A seven-year-old local privilege escalation bug has reared its head and finally got a fix. When it was available, exploiting the vulnerability in the polkit authentication service could have allowed attackers to get a root shell on several actively-used Linux distros. On Linux, polkit is effectively a bouncer of sorts who decides whether a user is allowed to do something that requires higher privileges. Discovered by security researcher Kevin Backhouse, the polkit bug that allows users to break this security was introduced in a commit that shipped with service version .0113 over seven years ago. To exploit this, it only takes a few terminal commands to create a user that is a member of the sudo-group....
Read more...
The Golden Arches are not so shiny today it seems, as the world's biggest fast-food chain, McDonald's, has been hit by an international data breach. The company reported today that hackers have stolen data containing employee and restaurant information from its South Korean, Taiwanese, and United States markets. Though it is believed that the data was not sensitive nor personal, it still raises concerns for the future. Recently, McDonald's discovered unauthorized activity on an internal security system, which prompted the company to lock things down and cut off access. Following this security incident, external cybersecurity consultants were brought in to investigate and found that indeed...
Read more...
Cybersecurity is a hot topic nowadays, with attacks happening frequently like the Colonial Pipeline or JBS Global ransomware attacks. Now, it appears that EA is facing its own issues after hackers allegedly managed to exfiltrate around 780GB of source code, frameworks, and engine tools from the company. Recently, hackers began boasting about their recent EA attack on private hacking forums. In the posts, the hackers explained that they took FIFA 21 source code, Frostbite engine source code and tools, proprietary EA frameworks and software development kits, and code bundles to streamline game development. This adds up to 780GB of data which has gone up for sale on a variety of forums for "Only...
Read more...
In May, the biggest fuel provider to the U.S. eastern seaboard was hit with ransomware from Russian hacking group DarkSide. Colonial Pipeline decided to pay the ransom to decrypt some of its files to get back to operational status, but those efforts were hampered by a slow decryption tool offered by the attackers. Thankfully, the U.S. Justice Department reports that it has now recovered much of the multi-million-dollar ransom payment. On May 9th, Colonial Pipeline reported that it needed to shutter its pipeline network, spanning from Texas to New Jersey, due to a security incident. What we later found out to be ransomware effectively paused the 2.5 million barrels of fuel from reaching communities...
Read more...
Though industrial cyberattacks, such as those on JBS Global or Colonial Pipeline, are on the rise, the problem is not exclusive to businesses. According to new research, consumer cyber threats jumped nearly 83% in 2020. With new types of malware skyrocketing, users now need to be more careful than ever. Today, Atlas VPN extracted some interesting data from Malwarebytes' State of Malware 2021 report that gives insight into the company's malware detections via software globally. The most commonly detected threat was HackTool, a piece of riskware that allows users to use Microsoft software illegally. In 2019, there were only 511,848 detections, whereas, in 2020, there were 11.35 million warnings,...
Read more...
Cybersecurity incidents are on the rise as of late, leaving companies floundering and threat actors perhaps a little richer. The world’s biggest meat processing company JBS has been added to the list, confirming that it recently fell victim to a cyber attack. This appears to have had rippling effects across the industry, but the company is now on the mend. Yesterday, JBS USA released a statement explaining that it had “determined that it was the target of an organised cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems.” In an attempt to counter the malicious actors, the company suspended affected systems, contacted authorities,...
Read more...
Late last week, we reported that the SolarWinds hackers from last year, called Nobelium, were back in action targeting NGOs around the world, according to data from Microsoft. Now, the Redmond-based company is providing an update on its investigation and some context to the situation. In January, the advanced Russian hacking group Nobelium began ramping up a phishing campaign, targeting "government agencies, think tanks, consultants, and non-governmental organizations." More recently, however, the group gained access to the USAID's "Constant Contact" marketing account, allowing them to send authentic-looking emails with malware embedded to the group's targets. Thankfully, Microsoft's Defender...
Read more...
The threat actors behind the SolarWinds attacks late last year have come back online and are targeting international development, humanitarian, and human rights organizations, according to new data from Microsoft. The Russian-based hacking group, called Nobelium, managed to compromise an email marketing account for USAID and has distributed phishing emails with attached malware to the targeted companies. Yesterday, Microsoft reports that Nobelium started its attacks this week by breaching USAID's "Constant Contact" account, which is simply an email marketing account. Using this account, the threat actors were "able to distribute phishing emails that looked authentic but included a link that,...
Read more...
Cloud-based additions to mobile apps have become commonplace, but they are not always the best thing for consumers or developers. According to new research, by either misconfiguration or simple lack of security best practices, some mobile app developers have left the personal data of over 100 million people at risk. Cyber threat intelligence company Check Point Research (hereafter CPR) recently discovered that many application developers put user data at risk by not following best practices when “configuring and integrating 3rd party cloud services into applications.” This vulnerable data could include both the developers’ as well as the consumers’ information, which is...
Read more...
Earlier this year, one of the largest insurance providers in the U.S. was hit by a ransomware attack that managed to cripple its network and exfiltrate data. According to people familiar with the situation, CNA Financial Corp. out of Chicago, Illinois, paid $40 million to wrest control of its network back in March. The people familiar with the situation, who were not authorized to publicly speak on the matter, discussed the hack with Bloomberg. It is reported that the company paid hackers “about two weeks after a trove of company data was stolen, and CNA officials were locked out of their network.” When asked specifically about the ransom payment, CNA declined to comment specifically...
Read more...
After a cybercriminal manages to breach a network, it is not all about immediately attacking the target. New research shows that these black hat hackers may lie dormant or lurk on a network for around 250 hours on average before an attack kicks off or they are detected. This means that organizations should know that the clock is always ticking to quarantine a problem before it turns into a nightmare, like the recent Colonial Pipeline attack. Defending an organization from cyberattacks is no small feat when the threat constantly adapts to new evasion techniques and evolves the attack toolset. Generally, these adversaries like to try and stay one step ahead of the security team and often are; however,...
Read more...
Over the past two weeks, Colonial Pipeline has been battling a ransomware attack that crippled fuel flow to the eastern seaboard. This was supposedly not intended to be as catastrophic as it was, but the hacking group behind the attack, DarkSide, has quite a bit of experience in ransomware. The group has reportedly extracted approximately $90 million in Bitcoin from 47 different cryptocurrency wallets, with many more victims opting not to pay the ransom. Ransomware is becoming a highly profitable business model for hackers, and even more so when “Ransomware as a Service” (RaaS) is implemented. DarkSide is an example of this model, wherein there is a ransomware developer who oversees...
Read more...
Ransomware attacks have been on the rise lately, and both organizations and consumers need to protect themselves as best they can before the problem worsens over time. As it turns out, one of the most popular and widespread operating systems, Windows 10, has ransomware protection, and it is super simple to turn on so you too can be protected. Ransomware has become one of the most prevalent and profitable forms of cyberattack, with hackers around the globe locking up files in exchange for cryptocurrency or cash. These locked-up files could include family photos, personal documents, or even trade secrets, all of which could be priceless. However, as we saw with Colonial Pipeline doling out $5 million...
Read more...
We have seen major OEMs tinker with drivers and system settings for workarounds and various fixes in games and other apps before. And now that AMD is firmly back in the mainstream desktop processor race, the company is occasionally under the microscope with power users and developers that stumble onto similar patch type efforts. In that regard, it appears Ryzen systems may pose a potential cause for concern. A researcher has found a seemingly disguised AMD driver toggling certain system behaviors when it detects a list of games, which could open the door to security vulnerabilities and other issues. This past Saturday, security researcher and Windows Internals expert Alex Ionescu was working...
Read more...
Cyber-attacks have seemingly ramped-up in the last few weeks, like the Colonial Pipeline ransomware incident that netted a cool $5 million for the criminal attackers. Now, cyber-thugs have crippled the Irish Health Service Executive's (HSE) computer systems in what could be "the most significant cybercrime attack on the Irish state," notes Irish minister of state Ossian Smyth. Yesterday, the Twitter account for the HSE, the primary health service provider in Ireland, tweeted that there has been a significant ransomware attack on its systems. To help contain this attack, the org decided to shut down all of the systems "in order to protect them from this attack and to allow us fully assess the...
Read more...
Yesterday was Microsoft’s routine Patch Tuesday release, which tackled quite a few vulnerabilities, 55 to be exact. Though this may seem like a lot, it is actually the smallest update from the company since 2020, but it does take care of some big problems. This includes a rather worrisome wormable HTTP protocol-stack vulnerability within Windows that thankfully has not been seen exploited in the wild. Of the 55 fixes coming with this patch, the wormable HTTP protocol-stack vulnerability, denoted by CVE-2021-31166, is the most concerning. This vulnerability has been given a rather high Common Vulnerability Scoring System (CVSS) score at 9.8 out of 10, which means it can be dangerous if used....
Read more...
Yesterday, we reported on a ransomware attack that targeted Colonial Pipeline, and by association, the eastern seaboard after the company had to shut off its pipeline network. Now, the FBI has tied the ransomware attack on the fuel company to a newly formed group called “DarkSide,” who has been incredibly quiet about the situation until today. On May 7th, Colonial Pipeline learned that they had been the victim of a cybersecurity incident and then “proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations.” Since then, the company has slowly restored services to its customers in Texas through New Jersey. The company’s...
Read more...
