Items tagged with cybersecurity
Zoom has become one of the most popular video conferencing solutions for working and learning from home since the start of the COVID-19 pandemic. Given that the platform is so popular, it is not surprising that security flaws pop up from time to time. Subsequently, researchers from Germany have discovered a glitch in Zoom's screen-sharing feature, which could leak all sorts of data if captured. The glitch denoted as CVE-2021-28133, "sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen." This can happen when a specific window is being screen-shared, and a background application is...
Read more...
Over the last nearly two weeks, we have seen Microsoft deploying emergency patches and telling companies to secure Exchange servers due to Chinese hackers exploiting a 0-day vulnerability. When vulnerabilities such as this are published, security researchers and hackers alike jump on the opportunity to develop proof-of-concept code and working exploits. Microsoft is not a fan of this, though, as it has removed a proof-of-concept from its code-repository site, GitHub. As the situation has developed, security researchers have delved into the Microsoft Exchange problem to replicate other hackers' work and complete research on what happened. One of these researchers, Nguyen Jang, posted their proof-of-concept...
Read more...
Earlier in the week, hackers gained access to over 150,000 Verkada customer camera feeds that allowed them to grab screenshots and video clips. This breach happened because of a “Super Admin” account that was able to view any camera feed. Now, former Verkada employees are coming forward to explain that any employee could view the camera feeds, and security was lackadaisical at best. On Monday, hackers gained access to the “Super Admin” account, which allowed them to view and capture video from schools, hospitals along with companies such as Tesla, Cloudflare, and Verkada itself. Now, three former employees have come forward to explain this “Super Admin” account...
Read more...
In January, Google warned security researchers about sneaky social engineering and hacking attempts coming from North Korea. Originally, the Google Threat Analysis Group (TAG), and other researchers found that the North Korean hacker’s blog compromised anyone who visited the website. Now, Microsoft has patched the critical vulnerability that affected the researchers through Internet Explorer and Microsoft Edge. When TAG announced the researcher attacks earlier this year, several people came forward, explaining that fake researchers reached out to them to “collaborate” on a project. After some time of building trust, the malicious hackers asked the researchers to use Internet...
Read more...
Over the last couple of weeks, hackers have been out in force, breaking into Microsoft Exchange and other services. Now, a group of international hackers who view themselves as vigilantes have breached Silicon Valley-startup Verkada Inc. This gave the hackers access to the live feeds of 150,000 surveillance cameras installed in numerous businesses and organizations. Today, the hacker group went public, explaining that they had footage from Tesla, Cloudflare Inc., and many other high-profile organizations. Moreover, the hackers accessed footage from “inside women’s health clinics, psychiatric hospitals and the offices of Verkada itself.” One video even showed footage from...
Read more...
Today, Intel signed an agreement with the Defense Advanced Research Projects Agency (DARPA) to "perform in its Data Protection in Virtual Environments (DPRIVE) program." This means that the company will now be working on fully homomorphic encryption, dubbed the "holy grail" of cybersecurity or "the final frontier' in data privacy." Furthermore, Intel has announced a partnership with Microsoft to complete testing in the cloud and help drive the technology's commercial adoption. Fully homomorphic encryption (FHE) is a means by which data and privacy can be protected, but a computer can still use information. In essence, FHE allows encrypted data to be used in computing, and the decrypted output...
Read more...
When we report on cybersecurity breaches, all too often it involves innocent individuals (or companies) that are on the receiving end of the attack. Such is the case with Chinese hackers that exploited Microsoft Exchange servers. Now, it appears that a hacker vigilante has breached four long-running and venerated Russian cybercrime forums. In two of the hacks, the vigilante made off with the forums’ user databases, which could prove to be problematic for the black-hat hackers on the forums. Earlier in the week, thousands of usernames, email addresses, and encrypted passwords were leaked on the dark web, and they all seemed to come from an “exclusive crime forum that has for more...
Read more...
When someone resets a password, a code is typically sent to an account holder's email, which is then input into a website (or app) for verification purposes. Moreover, protections should prevent that code from being brute-forced by a hacker, but this isn't always the case. Laxman Muthiyah, a security researcher, recently reported that he could have hacked any Microsoft or Instagram account due to flaws in how the password changing mechanism was implemented. Last year, Muthiyah collected around $80,000 between two bug bounty programs from Facebook and Microsoft after finding similar issues with both companies' password change processes. In the Instagram vulnerability, a password recovery system...
Read more...
Now that Microsoft’s investigation into the Solorigate hack has concluded, it is time to pick up the pieces and plot a [secure] path forward. In doing this, Microsoft has internally utilized several tools, including CodeQL, to hunt for Solorigate activity. Microsoft, however, “believes in leading with transparency and sharing intelligence with the community for the betterment of security practices and posture across the industry as a whole,” and is subsequently sharing its tools to help other companies in hunting Solorigate. According to Microsoft’s blog post, CodeQL is “a powerful semantic code analysis engine” which works by a two-pronged approach. When code...
Read more...
The Solorigate hack, which ensnared Microsoft, is finally coming to a close for the Redmond, Washington-based company. The Microsoft Security Response Center (MSRC) team wrote a blog post explaining what they had found in the now-completed investigation following the SolarWinds ordeal. It seems that while hackers stole some files, it was not a big deal for Microsoft as this only reinforced the policies the company has in place. In December of last year, cybersecurity company FireEye discovered hackers had breached SolarWinds Orion, an IT administration and management software package. The hack was found to date back to Spring of 2020, meaning any Orion customer could have been infiltrated. This...
Read more...
Since December, a breach at I.T. administration and monitoring software company SolarWinds has been unfurling to reveal several serious security issues. Many companies and government organizations had data accessed and perhaps even stolen. Now, in an interview that gave an interesting insight into the situation, Microsoft's president Brad Smith called the hack the "largest and most sophisticated attack the world has ever seen." SolarWinds Orion, as CBS's 60 Minutes explains, is "one of the most ubiquitous software products you probably never heard of, but to thousands of I.T. departments worldwide, it's indispensable." The software, which simplified I.T. administration and management, touted...
Read more...
As long as computers have been around, there have been hackers who have progressively improved and become sneakier at exploiting them. Last year, Microsoft used Microsoft 365 Defender data to find that web shell attacks, which are simple yet effective pieces of malicious code embedded into a web server, are rising. This year, they found that trend “not only continued, it accelerated: every month from August 2020 to January 2021.” Web shells, as Microsoft describes, are just “a small piece of malicious code,” that “allows attackers to run commands on servers to steal data or use the server as launch pad for other activities like credential theft, lateral movement,...
Read more...
Internet of Things (IoT) devices are prevalent in our daily lives, from voice-control hubs to smart cooking devices. Millions of these types of devices exist in people's homes, and many could have been vulnerable to significant security flaws. Though the issues have been found and largely fixed, it is an important cybersecurity lesson that "history repeats itself." Today, Forescout published a research article detailing what they have called "NUMBER:JACK," a collection of nine vulnerabilities affecting TCP/IP stacks. In short, to make sure every TCP connection is unique and cannot be interfered with, a random number is generated, called an Initial Sequence Number (ISN). If a TCP connection...
Read more...
Some of the United State’s most critical infrastructure are incredibly vulnerable to attack, as we are now finding out. Last Friday, a plant operator at a water treatment facility in Oldsmar, Florida, noticed his mouse dashing around on the screen. The operator did not think much of it then, but when it happened a second time, security alarm bells were raised after the hacker attempted to raise the level of sodium hydroxide, or lye, 100-fold in the water supply. According to the press conference with Pinellas County Sheriff Bob Gualtieri, the system was regularly accessed remotely, so the operator didn't think much of it. Upon the second attack and attempted change of sodium hydroxide through...
Read more...
Security researchers beware, as Google is reporting that a “government-backed entity based in North Korea” is targeting anyone working on vulnerability research and development. These attackers use several different accounts and means of communication to reach out to a target. Then, they share that they have a 0-day available for research, but it is instead just a trap ending in a compromised device. In a report published yesterday, the Google Threat Analysis Group (TAG) announced this dangerous situation that is still developing. To build credibility, the attackers created several different Twitter accounts for interacting with people and posting blog links, videos, and retweeting...
Read more...
Do you know when thieves leave their stolen goods out on the front porch for all to see, just because? We didn't think so. Sometimes hackers can be the dumber equivalent of thieves, as we have now found out. It appears that hackers behind a global phishing campaign did not protect their stolen goods and left them out for Google to index. Phishing campaigns are incredibly effective methods by which someone or a group collects passwords, usernames, and other information from uneducated targets. This campaign mistakenly shared its haul with the world operated by having fake Microsoft Office 365 login screens and then redirecting it to the proper location. They were successful enough with this endeavor...
Read more...
The SolarWinds breach and subsequent attacks are shaping up to be the most elaborate and long-lasting attacks in some time. Microsoft has done a deep dive into the second stage of the attacks and has found that the attackers are both skilled and elusive. Overall, though, the deep-dive gives us a look into what transpired to make these attacks tick, and it is rather interesting. Once on a network through the Solorigate backdoor (SUNBURST), getting anything done requires new malicious software and a level of secrecy that can be difficult to maintain. Moreover, when executing an attack, you do not want to burn the entire bridge if discovered on a network. Thus, the SolarWinds hackers attempted to...
Read more...
The crazy train that is WhatsApp right now does not look like it will be stopping any time soon. After the privacy policy fiasco, which is still developing, other issues have popped up simultaneously. It appears that Google is indexing a WhatsApp subdomain that can share users’ phone numbers. Furthermore, there are also other issues with WhatsApp that scammers can use to social engineer people, as we are just now learning. This is an absolute nightmare for privacy and security again, and should concern every WhatsApp user at present. Last year, WhatsApp had chat invite links indexed on Google, meaning they were searchable by anyone who knew what to look for. The search techniques could...
Read more...
The SolarWinds breach has been pervasive, and the world is still reeling from the effects. We have heard that hackers accessed data from Microsoft, U.S Government agencies, and other high-profile companies. Now we're learning about the full scope of the data that was allegedly obtained. A website recently appeared alleging that some of this data is available for sale, including partial Microsoft Windows source code for a whopping $600,000. That is just a bit more expensive than a real Windows license. The hackers, who seem to be operating under the moniker of “SolarLeaks,” describe their escapades as a “recent adventure.” Now, they are selling the spoils of this adventure...
Read more...
It seems getting hacked has become a near-daily occurrence that people should expect will happen at some point. Yesterday, people reported that Ubiquiti, a major vendor of internet of things (IoT) devices such as routers, security cameras, access points, and more, suffered a breach through a third-party cloud provider. The New York City-based company has now urged customers to change their passwords and enable multi-factor authentication as account information and credentials could be at risk. Both in an email and a forum post, Ubiquiti reported that they had “recently became aware of unauthorized access to certain of our information technology systems hosted by a third-party cloud provider.”...
Read more...
The massive SolarWinds breach that has even ensnared Microsoft still has rippling effects. According to reports, it seems that hackers may have exposed sealed U.S. court documents. Simultaneously, SolarWinds is trying to clean up and close security holes following the attacks that used its software. The company has since hired several big names in the security world to help out, such as Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency (CISA). This week, the Administrative Office of the U.S. Courts reported in a memo that the SolarWinds breach may have “jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system”...
Read more...
Earlier in December, we reported that hackers had breached the SolarWinds Orion platform, a software package dedicated to IT resource management. Ever since it was reported that the breach stretched back to Spring of 2020, numerous government agencies and private companies have indicated that they too were breached. Microsoft, who was at the tip of the spear when it came to the response, reported that it had been breached as well. Now, Microsoft says hackers viewed source code repositories and tried to expand their capabilities on the Microsoft network. Since beginning its investigation on December 17th, Microsoft has maintained that no customer data or production services were accessed. The...
Read more...
