Pipeline cyberattack was likely the work of a ransomware gang

Details of the industry-hobbling Colonial Pipeline cyberattack are starting to emerge. Reuters and Bloomberg say the hack was likely the work of a cybercriminal group, and that the ransomware gang DarkSide appears to be the primary suspect. Bloomberg claims DarkSide stole almost 100GB of data in two hours on May 6th as part of a "double-extortion scheme" where intruders threatened to both leak company data and lock Colonial out of its information. It's not certain if Colonial agreed to pay a ransom. The oil and gas giant reportedly asked FireEye's Mandiant forensics team to help investigate the breach. The attack was important enough to get the US government's involvement, regardless of who was responsible. Officials were scrambling to help Colonial restore its fuel supply business, while Reuters understood that a government investigation was in the "early stages." President Biden received a briefing on May 8th. I...

It's already possible to hack an AirTag

You knew it was just a matter of time before someone hacked Apple's AirTags, but it might have happened sooner than you expected. 9to5Mac reports that security researcher Thomas Roth has already cracked the microcontroller for Apple's item tracker, dumping its firmware and discovering that you can re-flash it for your own purposes. Roth demonstrated the possibilities by modifying the NFC web address (the one that appears when you tap an AirTag) to his personal site. As you might guess, that raises the potential for hacked AirTags that send users to malware and phishing sites. The practical threat to users is likely small. An attacker would have to obtain someone's existing AirTag, modify it and place it such that an unsuspecting victim would find it and want to tap it. That's also presuming that Apple doesn't have a way to block modified AirTags, as 9to5 suggested. Still, this suggests you'll want to have an up-to-date phone and a reason...

WhatsApp defers May 15 deadline on privacy policy

Instant messaging platform WhatsApp on Friday said it had for now done away with the May 15 deadline for users to accept its privacy policy and that it would “follow up” with people who had not yet accepted the new terms of service. “No accounts will be deleted on May 15 because of this update and no one in India will lose functionality of WhatsApp either. We will follow up with reminders to people over the next several weeks,” a spokesperson for the company said in a statement. The Facebook-owned company also said that though most WhatsApp users had accepted the terms of the updated privacy policy, some have not had the chance to do so. “We’ve spent the last few months working to clear up confusion and misinformation. As a reminder this update does not impact the privacy of personal messages for anyone,” the spokesperson said. Earlier this year in January, WhatsApp had, through an in-app notification, told its users that it had updated the privacy policy and that if they d...

Instagram’s head apologizes for bug that deleted activists’ stories

Head of Instagram Adam Mosseri has tweeted an apology about a bug that deleted users’ story posts on Thursday. The timing was unfortunate for activists trying to raise awareness about missing Indigenous women, with organizations Red Dress and National Day of Awareness of Missing and Murdered Indigenous Women and Girls (MMIWG, abbreviated by some as MMIWG2S to include two-spirit people) questioning whether their posts had somehow been erased deliberately. According to Instagram, however, the bug affected stories, archives, and highlights of Instagram users across the globe. Mosseri and Instagram’s statement about the deletions say this isn’t the case and that the stories were not removed because of anything content-related. He specifically addressed the Indigenous people’s concerns. “This day is incredibly important to raise awareness of this critical issue and support our Indigenous community on Instagram,” Mosseri tweeted. “We apologize to a...

Dell issues high-priority security patch for hundreds of machines dating back to 2009

What just happened? If you thought your aging Dell laptop was safe from modern malware or hacking exploits, think again. Dell has just released a retroactive, high-priority software patch for hundreds of its machines, some of which have initial releases dating back to 2009. The patch addresses an "insufficient access control vulnerability" present in the dbutil_2_3.sys driver, which can be found on Windows-equipped Dell systems with user-installed firmware update packages. Not all Dell machines are affected, but many are; 380, to be precise. Impacted machines range from Dell's Latitude line-up to its Inspirons and even its G-series gaming notebooks. The vulnerability would allow someone with access to the machine (which could be obtained through malware) to escalate privileges and obtain kernel-level permissions. You can find a full list of affected machines on Dell's website -- it's too expansive for us to list here. If one of your machines is on that lis...

Google to Automatically Enable Two-Step Verification for Some Accounts

Google is marking World Password Day with a blog post summarizing the password management features it offers, and the company announced that it will automatically enroll some accounts in two-step verification (2SV). The tech giant has been offering 2SV for Google accounts for years. Users who enable 2SV for their account — after entering their password — are asked to enter a code received via a text message or a voice call. In many cases, users can simply confirm their identity by tapping a prompt on their smartphone when they log in, and Google also offers the option to use security key devices that are connected via a physical port (USB) or wirelessly (NFC). Google announced on Thursday that it will soon start automatically enabling 2SV for users, if their accounts are “appropriately configured.” Jonathan Skelker, product manager of account security at Google, told SecurityWeek that “appropriately configured” refers to accounts that already include recovery info...

Insurer AXA Halts Ransomware Crime Reimbursement in France

In an apparent industry first, the global insurance company AXA said Thursday it will stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to ransomware criminals. AXA, among Europe’s top five insurers, said it was suspending the option in response to concerns aired by French justice and cybersecurity officials during a Senate roundtable in Paris last month about the devastating global epidemic of ransomware. “The word to get out today is that, regarding ransomware, we don’t pay and we won’t pay,” cybercrime prosecutor Johanna Brousse said at the hearing. Only the U.S. surpassed France last year in damage from ransomware to businesses, hospitals, schools and local governments, according to the cybersecurity firm Emsisoft, estimating France’s related overall losses at more than $5.5 billion. The suspension only applies to France and does not affect existing policies, said Christine Weirsky, a spokeswoman for the U.S. AXA s...

New Pingback Malware Using ICMP Tunneling to Evade C&C Detection

Researchers on Tuesday disclosed a novel malware that uses a variety of tricks to stay under the radar and evade detection, while stealthily capable of executing arbitrary commands on infected systems. Called 'Pingback,' the Windows malware leverages Internet Control Message Protocol (ICMP) tunneling for covert bot communications, allowing the adversary to utilize ICMP packets to piggyback attack code, according to an analysis published today by Trustwave. Pingback ("oci.dll") achieves this by getting loaded through a legitimate service called MSDTC (Microsoft Distributed Transaction Coordinator) — a component responsible for handling database operations that are distributed over multiple machines — by taking advantage of a method called DLL search order hijacking, which involves using a genuine application to preload a malicious DLL file. Naming the malware as one of the plugins required for supporting Oracle ODBC interface in MSDTC ...

Acronis raises $250M at a $2.5B+ valuation to double down on cyber protection services

As cybersecurity continues to grow in profile amid an increasingly complex and dangerous landscape of malicious activity, a cybersecurity vendor that specializes in "all-in-one" services covering the many aspects of IT security has closed a big round of funding to grow. Acronis has raised $250 million, money that co-founder and CEO Serguei Beloussov said in an interview the company plans to use both to grow organically, as well as for acquisitions to bring more "proactive" technology into its portfolio. The funding is being led by CVC and values Acronis at over $2.5 billion. Originally a spinoff from the parent company of virtualization giant Parallels, Acronis initially made its name in data recovery and backup but has over time expanded to provide an all-in-one package of services, a business that is now profitable, with some 10,000 managed service providers and 500,000 businesses (SMBs and bigger) among its customers. "We didn’t need the money, but no...

You should update your iPhone and iPad to iOS 14.5.1 right away

The update includes security fixes for bugs that are actively being exploited. Apple on Monday released iOS 14.5.1 and iPadOS 14.5.1 for its iPhone and iPad lineup. The update comes just a week after iOS 14.5 and iPadOS 14.5 were officially released, but there's a good reason for the back-to-back updates: It includes a fix for two security issues that, according to Apple, are actively being used. According to a security post about Monday's update, there are two WebKit bugs for which "Apple is aware of a report that this issue may have been actively exploited." The issue impacts the iPhone 6S or newer, all iPad Pro models, the iPad Air 2 or newer, the iPad 5th generation or newer, the iPad Mini 4 or later, and the latest iPod touch. To update your device, open Settings > General > Software Update and follow the prompts. As always, it's a good idea to back up your device before installing the update. Apple also released a similar up...

Hackers Exploit SonicWall Zero-Day Bug in FiveHands Ransomware Attacks

An "aggressive" financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company to deploy a new strain of ransomware called FIVEHANDS. The group, tracked by cybersecurity firm Mandiant as UNC2447, took advantage of an "improper SQL command neutralization" flaw in the SSL-VPN SMA100 product (CVE-2021-20016, CVSS score 9.8) that allows an unauthenticated attacker to achieve remote code execution. "UNC2447 monetizes intrusions by extorting their victims first with FIVEHANDS ransomware followed by aggressively applying pressure through threats of media attention and offering victim data for sale on hacker forums," Mandiant researchers said. "UNC2447 has been observed targeting organizations in Europe and North America and has consistently displayed advanced capabilities to evade detection and minimize post-intrusion forensics." CVE-2021-20016 is the same zero-day that...

New Chinese Malware Targeted Russia's Largest Nuclear Submarine Designer

A threat actor believed to be working on behalf of Chinese state-sponsored interests was recently observed targeting a Russia-based defense contractor involved in designing nuclear submarines for the naval arm of the Russian Armed Forces. The phishing attack, which singled out a general director working at the Rubin Design Bureau, leveraged the infamous "Royal Road" Rich Text Format (RTF) weaponizer to deliver a previously undocumented Windows backdoor dubbed "PortDoor," according to Cybereason's Nocturnus threat intelligence team. "Portdoor has multiple functionalities, including the ability to do reconnaissance, target profiling, delivery of additional payloads, privilege escalation, process manipulation static detection antivirus evasion, one-byte XOR encryption, AES-encrypted data exfiltration and more," the researchers said in a write-up on Friday. Rubin Design Bureau is a submarine design center located in Saint Petersburg, accounti...

Researchers Uncover Iranian State-Sponsored Ransomware Operation

Iran has been linked to yet another state-sponsored ransomware operation through a contracting company based in the country, according to new analysis. "Iran's Islamic Revolutionary Guard Corps (IRGC) was operating a state-sponsored ransomware campaign through an Iranian contracting company called 'Emen Net Pasargard' (ENP)," cybersecurity firm Flashpoint said in its findings summarizing three documents leaked by an anonymous entity named Read My Lips or Lab Dookhtegan between March 19 and April 1 via its Telegram channel. Dubbed "Project Signal," the initiative is said to have kickstarted sometime between late July 2020 and early September 2020, with ENP's internal research organization, named the "Studies Center," putting together a list of unspecified target websites. A second spreadsheet validated by Flashpoint explicitly spelled out the project's financial motivations, with plans to launch the ransomware operations in lat...

Microsoft Warns of 25 Critical Vulnerabilities in IoT, Industrial Devices

Azure Defender security team discovers that memory allocation is a systemic problem that can allow threat actors to execute malicious code remotely or cause entire systems to crash. Security researchers at Microsoft are warning the industry about 25 as-yet undocumented critical memory-allocation vulnerabilities across a number of vendors’ IoT and industrial devices that threat actors could exploit to execute malicious code across a network or cause an entire system to crash. Dubbing the newly discovered family of vulnerabilities “BadAlloc,” Microsoft’s Section 52, the Azure Defender for IoT security research group, said the flaws have the potential to affect a wide range of domains, from consumer and medical IoT devices to industrial IoT, operational technology, and industrial control systems, according to a report published online Thursday by the Microsoft Security Response Center (MSRC). “Our research shows that memory allocation implementations written througho...