Items tagged with cybersecurity
As cybersecurity attacks continue to rise, companies are stepping in to provide digital weapons to anyone with ill-will and deep enough pockets. One of these companies, NSO Group, is trying to hide behind legal immunity granted by government clients. If this immunity were granted, it would set a dangerous precedent and lead to many other issues. The NSO Group is a technology and cybersecurity company or "mercenary," as Microsoft describes. NSO Group claims on its website that they create "technology that helps government agencies prevent and investigate terrorism and crime to save thousands of lives around the globe." That is a rather noble-sounding description for someone who effectively manufactures...
Read more...
Over the weekend, it was announced that a nation-state actor had breached SolarWinds’ Orion service as early as Spring of this year. The Orion platform is an all-in-one solution for IT administration and monitoring, among other utilities. It is used by companies and governments worldwide, and it appears that the U.S government was a target of interest in the attack. According to sources familiar with the situation, the nation-state actors have been monitoring email at the U.S Treasury and Commerce departments, but they may not be the only agency to be breached. The SolarWinds Orion attack is being dubbed as “Sunburst” by security researchers at FireEye, a cybersecurity firm....
Read more...
Simply put, malware and adware sucks, especially when it tries to be sneaky. Thankfully, Microsoft is on the prowl for malicious software trying to worm its way onto people’s systems. Since at least May of this year, Microsoft discovered a “persistent malware campaign” that peaked in August with over 30,000 devices infected. The malware, dubbed “Adrozek,” adds browser extensions, modifies DLL files, and inserts ads into web pages and search results. Perhaps it is time to run a malware scan, eh? The family of browser-modifying malware called Adrozek is quite the little bugger as far as malware goes. It affects multiple different browsers, such as Microsoft Edge, Google...
Read more...
In the early days of the COVID-19 pandemic, IBM created a global security task force, called X-Force, dedicated to threat intelligence and analysis for organizations that are part of the vaccine supply chain. The work the task force has put forth has apparently yielded success as the group just announced that it discovered a global phishing campaign targeting COVID-19 "cold chain" organizations. These cold chain orgs are reportedly a vital part of the COVID-19 supply chain as they ensure that vaccines are preserved in cold temperatures so they remain effective. According to IBM’s X-Force, the phishing campaign began in September of this year, spanning across six countries and several...
Read more...
In May of this year, Apple patched a silent but deadly exploit that went after iPhones using specially crafted wireless payloads. This exploit is a simple memory corruption attack that allows any malicious person to do whatever they want to an iPhone: be it collecting data such as images and messages, or shutting down the device entirely. First unveiled on Tuesday, the exploit is spectacular to watch and learn about over the course of the 30,000-word writeup. This exploit was discovered by Ian Beer of Google’s Project Zero earlier this year. As he was locked away at home due to the COVID-19 pandemic, he used his time to create a “wormable radio-proximity exploit” which lets...
Read more...
As the cybersecurity landscape evolves, so do the skilled attackers at every turn. Protecting devices from threats becomes a cat and mouse game, and there is always a new attack on the horizon. Security chips built into computers have tried to slow the attacks, such as Apple’s T2 chip, but even it has its flaws. Now, Microsoft is looking to build hardened security directly into the CPU while being isolated from the system. They have adapted this new system, named the Microsoft Pluton processor, from technology created from Xbox and Azure Sphere, so end-users will be more secure than ever. According to Microsoft, “Windows 10 is the most secure version of Windows ever, built with end-to-end...
Read more...
TCL Android TVs have been crowding retail stores since their initial launch earlier this year. The Chinese-manufactured TVs have been a “budget-option” that works well enough for most and is a steal compared to the competition. When you get a TCL 65” TV for $229, though, is cybersecurity at the top of your mind? If not, you are in for a surprise. Security researcher and hacker SickCodes seems to be a jack-of-all-trades, continually poking at devices to see what exploits he can find. At the end of September, he looked at “low-end Android boxes,” things such as TV sticks, boxes, Smart TVs, and Android TVs. As he explains, they are all basically “like a little...
Read more...
Watch Dogs: Legion is a recently released Ubisoft game set in London that is all about hacking. In an ironic turn of events, it appears that the source code for Watch Dogs: Legion was unfortunately leaked to the internet. Originally, only snippets of the hacked data were released, but it appears that the whole Watch Dogs: Legion game and source code was released to the internet. In October, ZDNet reported that both Ubisoft and Crytek, maker of Cryengine, were hacked by a ransomware gang named Egregor. At that time, only a small part of data in a cybercrime “proof-of-life” sort of situation was posted. It was unknown how much additional date was available at the time, however, and...
Read more...
Google’s Project Zero team, which is tasked with discovering 0-day vulnerabilities, has uncovered an exploit in the Windows kernel that can lead to sandbox escape or privilege escalation. The bug, given CVE-2020-17087, is of the buffer overflow type in the Windows Kernel Cryptography Driver (CNG.sys) and is being actively exploited. Thankfully, this exploit is targeted and is not related to any U.S. election hacking, which could become more prevalent in the coming days. Last week, the Project Zero team discovered an exploit in Google Chrome and Chrome OS. Around the same time, they found the Windows Kernel bug, and it was “subject to a 7-day disclosure deadline.” It was subject...
Read more...
Microsoft’s Azure Active Directory has some neat features built-in, and it is always expanding. Yesterday, the Azure team implemented a way to detect “one of the most popular attacks, accounting for more than a third of account compromise in organizations.” This attack is called password spray, and by now using machine learning, Microsoft can detect patterns and alert organizations to this attack. Password spray is a “low and slow” form of attack, where “bad actors try a few common passwords against many accounts from different organizations.” This method of testing passwords over several days can go undetected as logins can come from thousands of IPs...
Read more...
Google’s recently released versions of Chrome and Chrome OS had a bit of an Achilles heel: a rather pesky zero-day vulnerability that could corrupt the system’s memory from the browser or OS. The bug has been given CVE-2020-15999, but has not even been given an official score yet. Google gives the exploit a "high" level of criticality, and it has already been found in the wild, so users need to patch their systems ASAP. CVE-2020-15999 was discovered on October 19th by Sergei Glazunov at Google Project Zero. The Project Zero team is tasked with finding zero-day exploits in Googles's own products (and competitors), and with this bug, the team found issues with FreeType,...
Read more...
The Trickbot botnet is under the gun in a significant way. Both Microsoft and the U.S Military Cyber Command have both been targeting Trickbot this year in hopes of taking it down. Microsoft claims that “As of October 18, [they’ve] worked with partners around the world to eliminate 94% of Trickbot’s critical operational infrastructure.” A couple of weeks ago, U.S Military Cyber Command was able to attack Trickbot’s servers. Microsoft, on the other hand, reports they were able to disable them entirely. Microsoft identified 69 servers used for Trickbot and was able to disable 62 for command-and-control. The seven other servers were "internet of things" (IoT) devices...
Read more...
This month, the Emotet botnet is going trick or treat, and it is only occupied with tricking. Previously, the malware spread by utilizing spam campaigns with Word or Excel files, but the botnet is back after a short hiatus. It is now using email “spam campaigns pretend to be invoices, shipping information, COVID-19 information, information about President Trump's health, resumes, or purchase orders, as shown below.” These emails contain malicious Word documents that load up scripts and ruin your day. BleepingComputer reports that “With its return to activity, Emotet switched to a new template that pretends to be a message from Windows Update stating that Microsoft Word needs...
Read more...
Approximately two weeks ago, the U.S. military’s Cyber Command, under the National Security Agency (NSA), executed a coordinated attack on the Trickbot botnet. This attack included sending disconnect commands to computers infected with the Trickbot malware, and spoofing records, so the collection of target data has been muddied and compromised itself. Early in October, KrebsOnSecurity received word that someone with access to the Trickbot network sent out commands to infected devices to disconnect from the Trickbot servers. These servers controlled the infected machines, so this was a massive blow to the nefarious actors behind Trickbot’s operations. Furthermore, the Trickbot malware...
Read more...
Typically, ransomware attacks that are seemingly on the increase around the globe are the cause of financial loss and lack of productivity. However, a ransomware attack on a hospital in Germany has reportedly led to the first known death indirectly attributed to such attacks. German authorities are currently investigating a death following the ransomware attack on Düsseldorf University Hospital. Today, German media reported on the closure of the hospital’s emergency room due to the ransomware attack. As it was closed, a woman in need of emergency medical attention was turned away and subsequently succumbed to her illness. Alongside this tragic event, the hospital has not been able...
Read more...
Secura digital security advisors and researchers, have discovered a highly critical vulnerability with Active Directory domain controllers. Rated as a 10 of 10 on the Common Vulnerability Scoring System (CVSS), this exploit, dubbed Zerologon, allows nefarious people to take over the domain controller and execute privilege escalations. The Zerologon exploit takes advantage of how the Netlogon Remote Protocol works. Typically, this protocol is used for machine and user authentication, as well as updating passwords within a domain. To utilize this exploit, one only needs to set up a TCP connection to the domain controller (DC) and you can spoof a client to go from there. This client spoofing works...
Read more...
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning about a growing threat from criminals seeking to take advantage of people working from home and using a VPN or virtual private network. Apparently there's a growing threat from voice call phishing or "vishing" attacks targeting corporate VPNs. One known service that was discovered allows people to hire a criminal ring with the goal of stealing VPN credentials, and other sensitive data from employees who are working remotely. The security alert issued says that in mid-July 2020, cybercriminals began vishing campaigns aiming to gain access to employee tools at multiple companies, and ultimately to monetize...
Read more...
It is rather rare to be able to peek behind the scenes for a look at how a state-sponsored threat group operates. However, a recent mistake has provided security researchers with information about the methods of the group referred to as “ITG18.” The security researchers discovered training videos that were accidentally uploaded by the Iranian hackers to an unprotected server. The video footage reveals some of the hackers’ techniques and their preferred targets. ITG18 is an Iranian state-sponsored threat group. They are also referred to as APT35 or Charming Kitten by other security researchers. The group uploaded more than 40 gigabytes of data onto an unprotected server back...
Read more...
Security researchers at Sophos have been investigating a pair of ransomware attacks where the attackers used legitimate, digitally signed hardware driver to delete security products from targeted computers. Once the security products were deleted from the target machines, the destructive file encryption portion of the attack was launched. The signed driver that was used is part of a deprecated software package from Gigabyte, a mainboard and computer hardware manufacturer. The software had a known vulnerability tracked as CVE-2018-19320. The vulnerability, along with proof-of-concept code was published in 2018. At the time, Gigabyte denied that the vulnerability impacted its products. Later it...
Read more...
On March 5th, 2019, an unprecedented Denial of Service (DoS) cyberattack occurred on American soil, targeted at the US power grid. This attack mainly affected the Western United States, and was a fortunately low-impact attack. No blackouts were caused, and the machines in question were out of commission for no more than five minutes, according to the North American Electric Reliability Corp, or NERC. Even so, this leaves a historical mark on American infrastructure, and clearly demonstrates the dangers of increased connectivity. A simple firewall vulnerability was enough to cause multiple devices to be compromised and rebooted from a single point of failure. While the impact this time around...
Read more...
Facebook must once again deal with the repercussions of a major security blunder. An exposed server recently published more than 419 million phone numbers and Facebook IDs. At least 133 million of those phone numbers were based in the United States. Anyone could have accessed the information before the server was finally taken down. Security researcher Sanyam Jain was the first to find the exposed server. The server was not owned by Facebook, but still contained users’ Facebook IDs and phone numbers. A Facebook ID is a public number that is associated with an account. The number often contains portions of a person’s Facebook name and it is not difficult to determine the owner of the...
Read more...
Hacks are happening all the time with some giving information on user accounts like the Flipboard hack we talked about recently. Other hacks are much grander in scale, like the attack against the city of Baltimore that resulted in most of the cities systems being locked out. Another significant hack has happened, and this one is a hack of a hotel management company that backs some of the largest hotel chains in the world. The hotel management company in question is Pyramid Hotel Group, and it manages many Marriott locations. The company had a server that left an unsecured database containing security logs that could give nefarious types an idea about cybersecurity weaknesses of the hotels. The...
Read more...
