Depending on your version, you might want this patch.
Microsoft patches SMBv3 wormable bug that leaked earlier this week | ZDNet
Well this is a bitch. Unless you have behavioural antivirus, (well, even if you've got it tbh):
- Don't click on links or attachments unless you are 110% certain you know what they are.
- If you have the latest Windows 10, use Controlled Folder Access (it's not 100% protection but it might help). Link HERE
- BACKUP YOUR CRITICAL DATA
Quote:
Beware Of This New Windows 10 Ransomware Threat Hiding In Plain Sight
^ ok, have read, have understood, won't click on your link Harry.
Another unpatched critical vulnerability.....
One that affects all you cheapskates and luddites using out-of-support OS's.
Microsoft Warns of Critical Windows Zero-Day Flaws | Threatpost
Quote:
Microsoft is warning of critical zero-day flaws in its Windows operating system that could enable remote code execution. The unpatched flaws are being exploited by attackers in “limited, targeted” attacks, the company said.
According to Microsoft, two remote code execution vulnerabilities exist in the way that Windows’ Adobe Type Manager Library handles certain fonts. Adobe Type Manager is a font management tool built into both Mac OS and Windows operating systems, and produced by Adobe. While no patches are available for the flaws, workaround mitigations can protect users.
“Microsoft is aware of limited targeted attacks that could leverage unpatched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released,” according to a Monday Microsoft security advisory.
There is an easy mitigation though.
Anyone using OpenWRT?
If you are, there's an RCE vulnerability in older versions (details in the link):
Quote:
To fix this issue, affected users are advised to upgrade their device firmware to the latest OpenWrt versions 18.06.7 and 19.07.1, which were released last month.
Critical RCE Bug Affects Millions of OpenWrt-based Network Devices
If you have a D-Link DSL-2640b, best make sure it is not internet accessible or better still take it offline.
Security Advisories: D-Link DSL-2640B
Cloudflare have added two new DNS Services; one for Malware and one for Malware+Adult.
Pretty easy to implement if you want to stop the saucepans watching gonzo.
It's never going to be perfect but every little helps.
Introducing 1.1.1.1 for Families
WASHINGTON/SAN FRANCISCO (Reuters) - Apple Inc is planning to fix a flaw that a security firm said may have left more than half a billion iPhones vulnerable to hackers.
The bug, which also exists on iPads, was discovered by ZecOps, a San Francisco-based mobile security forensics company, while it was investigating a sophisticated cyberattack against a client that took place in late 2019. Zuk Avraham, ZecOps’ chief executive, said he found evidence the vulnerability was exploited in at least six cybersecurity break-ins.
An Apple spokesman acknowledged that a vulnerability exists in Apple’s software for email on iPhones and iPads, known as the Mail app, and that the company had developed a fix, which will be rolled out in a forthcoming update on millions of devices it has sold globally.
Apple declined to comment on Avraham’s research, which was published on Wednesday, that suggests the flaw could be triggered from afar and that it had already been exploited by hackers against high-profile users.
Avraham said he found evidence that a malicious program was taking advantage of the vulnerability in Apple’s iOS mobile operating system as far back as January 2018. He could not determine who the hackers were and Reuters was unable to independently verify his claim.
To execute the hack, Avraham said victims would be sent an apparently blank email message through the Mail app forcing a crash and reset. The crash opened the door for hackers to steal other data on the device, such as photos and contact details.
ZecOps claims the vulnerability allowed hackers to remotely steal data off iPhones even if they were running recent versions of iOS. By itself, the flaw could have given access to whatever the Mail app had access to, including confidential messages.
Avraham, a former Israeli Defense Force security researcher, said he suspected that the hacking technique was part of a chain of malicious programs, the rest undiscovered, which could have given an attacker full remote access. Apple declined to comment on that prospect.
ZecOps found the Mail app hacking technique was used against a client last year. Avraham described the targeted client as a “Fortune 500 North American technology company,” but declined to name it. They also found evidence of related attacks against employees of five other companies in Japan, Germany, Saudi Arabia, and Israel.
Avraham based most of his conclusions on data from “crash reports,” which are generated when programs fail in mid-task on a device. He was then able to recreate a technique that caused the controlled crashes.
Two independent security researchers who reviewed ZecOps’ discovery found the evidence credible, but said they had not yet fully recreated its findings.
Patrick Wardle, an Apple security expert and former researcher for the U.S. National Security Agency, said the discovery “confirms what has always been somewhat of a rather badly kept secret: that well-resourced adversaries can remotely and silently infect fully patched iOS devices.”
Because Apple was not aware of the software bug until recently, it could have been very valuable to governments and contractors offering hacking services. Exploit programs that work without warning against an up-to-date phone can be worth more than $1 million.
While Apple is largely viewed within the cybersecurity industry as having a high standard for digital security, any successful hacking technique against the iPhone could affect millions due to the device’s global popularity. In 2019, Apple said there were about 900 million iPhones in active use.
Bill Marczak, a security researcher with Citizen Lab, a Canada-based academic security research group, called the vulnerability discovery “scary.”
“A lot of times, you can take comfort from the fact that hacking is preventable,” said Marczak. “With this bug, it doesn’t matter if you’ve got a PhD in cybersecurity, this will eat your lunch.”
Flaw in iPhone, iPads may have allowed hackers to steal data for years - Reuters
Another big data breach, enter your password at haveibeenpwned.com and change any relevant passwords.
Quote:
db8151dd: In February 2020, a massive trove of personal information referred to as "db8151dd" was provided to HIBP after being found left exposed on a publicly facing Elasticsearch server. The exposed data could not be attributed to an owner and appears to be related to a CRM which aggregated personal information and customer interactions. The data was provided to HIBP by dehashed.com.
Compromised data: Email addresses, Job titles, Names, Phone numbers, Physical addresses, Social media profiles
I love these TD moments of extreme irony :smileylaughing:
Actually you could enter your password and it wouldn't do any harm, but don't expect a ton of results.
For that you need to use this:
How Secure Is My Password?
:)
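The reply above is right that a password check on HIBP's Pwned Passwords service is harmless, and the reason is worth seeing in code: the client sends only the first five hex characters of the password's SHA-1 and matches the rest locally (k-anonymity). The block below is an added example for this thread, not HIBP's own code; the range response it embeds is a constructed stand-in for what the real endpoint (https://api.pwnedpasswords.com/range/PREFIX) returns, so it runs offline.

```python
import hashlib
import re

# Constructed stand-in for the body of GET https://api.pwnedpasswords.com/range/5BAA6
# (the endpoint returns one "HASH-SUFFIX:COUNT" line per leaked SHA-1 hash that starts
# with the requested 5-character prefix). The counts and the second line are made up.
SAMPLE_RANGE_5BAA6 = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471
0AF5B5B5A1D1D5A5C2A3B4C5D6E7F8091A2:2
"""


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password, the form Pwned Passwords indexes on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_for_range_query(password: str) -> tuple:
    """Return (prefix, suffix): only the 5-char prefix ever leaves the client."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines into a dict; malformed lines are skipped."""
    counts = {}
    for line in body.splitlines():
        m = re.fullmatch(r"\s*([0-9A-Fa-f]{35}):(\d+)\s*", line)
        if m:
            counts[m.group(1).upper()] = int(m.group(2))
    return counts


def pwned_count(password: str, range_prefix: str, range_body: str) -> int:
    """How many times the password appears in the breach corpus (0 = not found).

    range_body must be the response for the prefix of this password's hash;
    the check guards against matching a suffix from the wrong range.
    """
    prefix, suffix = split_for_range_query(password)
    if prefix != range_prefix.upper():
        raise ValueError(
            f"range body is for prefix {range_prefix}, password hashes to {prefix}"
        )
    return parse_range_response(range_body).get(suffix, 0)


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        prefix, _ = split_for_range_query(pw)
        if prefix == "5BAA6":
            print(pw, "->", pwned_count(pw, "5BAA6", SAMPLE_RANGE_5BAA6), "occurrences")
        else:
            print(pw, "-> would need range", prefix, "(not in the embedded sample)")
```

To run it against the live service, fetch the range for the prefix with any HTTP client and pass the response body as range_body; the password and its full hash never leave the machine, which is why the check is safe even for a password you still use.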
EasyJet hit by cyberattack where email and travel details for 9 million customers stolen
EASYJET has been targeted in a cyber attack, which has resulted in hackers accessing millions of customers contact and travel information.
The airline, which has currently grounded all of its flights in response to the coronavirus pandemic, said it has now blocked the unauthorised access. A company investigation found that the email address and travel details of about 9 million customers were accessed. The hackers also accessed the credit card details of more than 2,000 customers.
https://www.express.co.uk/news/uk/1284201/easyjet-airline-cyber-attack-latest-travel-news-customers-details-emails-hacked
I got an email the other day which caught my eye because the subject line was the password I use to log on to my desktop computer.
Some little shit said he had video footage of me wanking and the website details, and wanted Bitcoin.....but I have my camera unplugged unless actually using it.
I suppose it was some Facebook or other link I clicked on. Somehow they got my email address and computer password.
We think we know it all about this kind of thing, but it pays to read something by experts and keep it in mind.
Phishing Scams & Attacks - How to Protect Yourself | Kaspersky
Massive spying on users of Google's Chrome shows new security weakness
"A newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s market-leading Chrome web browser, researchers at Awake Security told Reuters, highlighting the tech industry’s failure to protect browsers as they are used more for email, payroll and other sensitive functions."
Exclusive: Massive spying on users of Google's Chrome shows new security weakness - Reuters
If your Netgear Router is on this list (and it includes some relatively recent models), you need to check for new firmware to fix identified vulnerabilities. Details in the link.
Quote:
NETGEAR is aware of multiple security vulnerabilities on the following products:
- AC1450
- D6220
- D6300
- D6400
- D7000v2
- D8500
- DC112A
- DGN2200
- DGN2200M
- DGN2200v4
- DGND3700
- EX3700
- EX3800
- EX3920
- EX6000
- EX6100
- EX6120
- EX6130
- EX6150
- EX6200
- EX6920
- EX7000
- LG2200D
- MBM621
- MBR1200
- MBR1515
- MBR1516
- MBR624GU
- MBRN3000
- MVBR1210C
- R4500
- R6200
- R6200v2
- R6250
- R6300
- R6300v2
- R6400
- R6400v2
- R6700
- R6700v3
- R6900
- R6900P
- R7000
- R7000P
- R7100LG
- R7300
- R7850
- R7900
- R8000
- R8300
- R8500
- RS400
- WGR614v10
- WGR614v8
- WGR614v9
- WGT624v4
- WN2500RP
- WN2500RPv2
- WN3000RP
- WN3100RP
- WN3500RP
- WNCE3001
- WNDR3300
- WNDR3300v2
- WNDR3400
- WNDR3400v2
- WNDR3400v3
- WNDR3700v3
- WNDR4000
- WNDR4500
- WNDR4500v2
- WNR1000v3
- WNR2000v2
- WNR3500
- WNR3500L
- WNR3500Lv2
- WNR3500v2
- WNR834Bv2
- XR300
NETGEAR strongly recommends that you download the latest firmware as soon as a firmware update or firmware hotfix is available for your product. See the following table for a list of products with firmware fixes available for one or more vulnerabilities.
https://kb.netgear.com/000061982/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Mobile-Routers-Modems-Gateways-and-Extenders
Another warning to check your router firmware and make sure it's up to date, regardless of brand.
If it isn't supported any more, get rid.
Popular home routers plagued by critical security flaws | WeLiveSecurity
If the news about router security flaws has you thinking it's time for a new, more secure router, techradar.com recently posted this list of 2020's best:
Best secure router of 2020: keep your router and devices safe at home or work | TechRadar
Time to update Chrome if you haven't got it doing it automagically:
Quote:
Original release date: July 14, 2020
Google has released Chrome version 84.0.4147.89 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
And as an added bonus, if you have a Microsoft Network in your office, tell your IT staff to look for a WORMABLE, critical DNS Server patch.
:)
Iranian Hackers Accidentally Exposed Their Training Videos (40 GB) Online
An OPSEC error by an Iranian threat actor has laid bare the inner workings of the hacking group by providing a rare insight into the "behind-the-scenes look into their methods."
IBM's X-Force Incident Response Intelligence Services (IRIS) got hold of nearly five hours worth of video recordings of the state-sponsored group it calls ITG18 (also called Charming Kitten, Phosphorous, or APT35) that it uses to train its operators.
Some of the victims in the videos included personal accounts of U.S. and Greek Navy personnel, in addition to unsuccessful phishing attempts directed against U.S. state department officials and an unnamed Iranian-American philanthropist.
"Some of the videos showed the operator managing adversary-created accounts while others showed the operator testing access and exfiltrating data from previously compromised accounts," the researchers said.
The IBM researchers said they found the videos on a virtual private cloud server that was left exposed due to a misconfiguration of security settings. The server, which was also found to host several ITG18 domains earlier this year, held more than 40 gigabytes of data.
The discovered video files show that ITG18 had access to the targets' email and social media credentials obtained via spear-phishing, using the information to log in to the accounts, delete notifications of suspicious logins so as not to alert the victims, and exfiltrate contacts, photos, and documents from Google Drive.
"The operator was also able to sign into victims' Google Takeout (takeout.google.com), which allows a user to export content from their Google Account, to include location history, information from Chrome, and associated Android devices," the researchers noted.
Besides this, the videos — captured using Bandicam's screen-recording tool — also show that the actors behind the operation plugged the victims' credentials to Zimbra's email collaboration software intending to monitor and manage the compromised email accounts.
Outside of email accounts, the researchers said they found the attackers employing a long list of compromised usernames and passwords against at least 75 different websites ranging from banks to video and music streaming to something as trivial as pizza delivery and baby products.
Other clips showed the ITG18 group leveraging dummy Yahoo! accounts, which include a phone number with Iran's country code (+98), using them to send the phishing emails, some of which bounced back, suggesting the emails did not reach the victim's inbox.
"During the videos where the operator was validating victim credentials, if the operator successfully authenticated against a site that was set up with multi-factor authentication (MFA) they paused and moved on to another set of credentials without gaining access," the researchers said.
ITG18 has a long history of targeting the U.S. and the Middle Eastern military, diplomatic, and government personnel for intelligence gathering and espionage to serve Iran's geopolitical interests.
If anything, the discovery emphasizes the need to secure your accounts by using stronger passwords, turning on two-factor authentication, and reviewing and limiting access to third-party apps.
"The compromise of personal files of members of the Greek and U.S. Navy could be in support of espionage operations related to numerous proceedings occurring in the Gulf of Oman and Arabian Gulf," IBM X-Force researchers concluded. "The group has shown persistence in its operations and consistent creation of new infrastructure despite multiple public disclosures and broad reporting on its activity."
Iranian Hackers Accidentally Exposed Their Training Videos (40 GB) Online
If you are using any of these VPN's, ditch them immediately.
They've all been caught logging copious amounts of user data when they claimed they don't.
UFO VPN
FAST VPN
Free VPN
Super VPN
Flash VPN
Secure VPN
Rabbit VPN
None of these free VPNs are really "free." They have to make their money somehow. If you have to use a VPN, then pay for one.
Flash VPN, UFO VPN, and five other services leaked 1.2TB of private information
Google will soon introduce biometric authentication to the Chrome Autofill feature on Android devices, in a bid to make conducting online purchases via its browser more convenient and secure.
Users will still need to input their information manually when using a credit card for the first time but, for future purchases, Chrome for Android will allow users to bypass CVV checks and authenticate transactions using face ID or fingerprint alone.
Google Chrome will also apply a similar process to logging into online services. The new touch-to-fill feature will bring up a list of accounts attached to the webpage a user is currently browsing and allow them to verify their identity using biometrics.
Previously, an unauthorized third party with access to a device could gain entry to the owner’s online accounts via the Autofill feature (which required no additional authentication). Using biometrics, however, puts paid to this possibility - unless twins are involved, of course.
For security conscious users, the common advice was never to use a browser’s autofill function and opt for a secure password manager instead. But with the imminent upgrade to Chrome for Android, it’s possible account credentials will be just as safe stored in-browser.
To ensure sensitive biometric information remains secure, Chrome utilizes the WebAuthn standard when registering fingerprint and facial data. Google has also assured users that biometric data will always remain on-device, never transmitted to the cloud.
The new feature also significantly reduces the risk of falling victim to elaborate phishing scams. While a fake landing page hosted on an illegitimate domain might deceive an unwitting user, the browser itself will not be so easy to dupe.
Already available on Chrome for Mac and Windows, biometric authentication is set to land on Android devices within the next few weeks.
You’ll never need a password manager again, thanks to this new Chrome update | TechRadar
The chinkies are blocking new secure traffic because they can't snoop on their citizens.
I'm sure Vlad will be following.
China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI | ZDNet
This terminology can be confusing for those who aren't into IT. Here are a few paragraphs from the article that provide a little more clarity:
"The Chinese government has deployed an update to its national censorship tool, known as the Great Firewall (GFW), to block encrypted HTTPS connections that are being set up using modern, interception-proof protocols and technologies.
The ban has been in place for at least a week, since the end of July, according to a joint report published this week by three organizations tracking Chinese censorship -- iYouPort, the University of Maryland, and the Great Firewall Report. Through the new GFW update, Chinese officials are only targeting HTTPS traffic that is being set up with new technologies like TLS 1.3 and ESNI (Encrypted Server Name Indication). Other HTTPS traffic is still allowed through the Great Firewall, if it uses older versions of the same protocols -- such as TLS 1.1 or 1.2, or SNI (Server Name Indication)."
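The difference the article describes comes down to one field in the TLS ClientHello: with plain SNI the hostname is sent in the clear before any encryption starts, so a filter on the path can read it; with ESNI it is replaced by an encrypted blob. The block below is an added example (not from the ZDNet article or the report it cites) that builds a minimal ClientHello both ways and parses it the way a passive observer would. The ClientHello bytes are constructed for the example, and the ESNI payload is a placeholder of zero bytes carried in the draft-ESNI extension type 0xffce.

```python
import struct


def _ext(ext_type: int, body: bytes) -> bytes:
    """Encode one TLS extension: u16 type, u16 length, body."""
    return struct.pack("!HH", ext_type, len(body)) + body


def sni_extension(hostname: str) -> bytes:
    """Plaintext server_name extension (type 0): the hostname is readable on the wire."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type 0 = host_name
    return _ext(0x0000, struct.pack("!H", len(entry)) + entry)


def build_client_hello(hostname: str, esni: bool = False) -> bytes:
    """Build a minimal TLS 1.3 ClientHello record (constructed for this example)."""
    if esni:
        # Draft-ESNI extension (type 0xffce): the name travels encrypted, so an observer
        # sees only opaque bytes. The payload here is a placeholder, not real ciphertext.
        exts = _ext(0xFFCE, b"\x00" * 16)
    else:
        exts = sni_extension(hostname)
    exts += _ext(0x002B, b"\x02\x03\x04")  # supported_versions: TLS 1.3 only
    body = (
        b"\x03\x03" + b"\x00" * 32 + b"\x00"  # legacy_version, random, empty session id
        + b"\x00\x02\x13\x01"                 # one cipher suite: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"                         # one compression method: null
        + struct.pack("!H", len(exts)) + exts
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def _extensions(record: bytes):
    """Yield (type, data) for each extension in a ClientHello record; empty if malformed."""
    if len(record) < 5 or record[0] != 0x16:
        return
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        return
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                   # skip legacy_version and random
    if pos >= len(body):
        return
    pos += 1 + body[pos]                           # session id
    if pos + 2 > len(body):
        return
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher suites
    if pos >= len(body):
        return
    pos += 1 + body[pos]                           # compression methods
    if pos + 2 > len(body):
        return
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= min(end, len(body)):
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        yield etype, body[pos:pos + elen]
        pos += elen


def extension_types(record: bytes) -> list:
    return [etype for etype, _ in _extensions(record)]


def extract_sni(record: bytes):
    """Return the plaintext server_name, or None when it is absent (e.g. ESNI/ECH)."""
    for etype, data in _extensions(record):
        if etype == 0x0000 and len(data) >= 5:
            # server_name_list: u16 list_len, then u8 name_type, u16 name_len, name
            name_len = struct.unpack("!H", data[3:5])[0]
            return data[5:5 + name_len].decode("ascii", "replace")
    return None


if __name__ == "__main__":
    for flag in (False, True):
        rec = build_client_hello("example.com", esni=flag)
        print("ESNI" if flag else "SNI ", "-> observer sees:", extract_sni(rec),
              "extensions:", [hex(t) for t in extension_types(rec)])
```

Run it and the SNI case prints the hostname while the ESNI case prints None with 0xffce in the extension list, which is exactly the signal the report says the filter keys on: it cannot read the name, so it drops the connection instead.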
If it's not the chinkies, it's the russkies....
Quote:
Russia is targeting Linux with Drovorub malware
The NSA has issued a warning about a new round of cyberattacks by Russia. This time, the GRU (Główny Zarząd Wywiadowczy, the Russian General Staff Main Intelligence Directorate) is targeting Linux machines.
To orchestrate the attacks, the GRU is using a malware suite called Drovorub. The suite is made up of four modules and uses a variety of techniques to hide itself and evade detection.
The National Security Agency does not say how long the malware has been in circulation for, but points out that the Russian GRU 85th GTsSS responsible for deploying it has been seen operating under various names including Fancy Bear, APT28 and Strontium. Drovorub is concerning not only because of the steps it takes to hide itself, but also because of the root level privileges it is able to obtain.
The NSA describes the malware:
Drovorub is a Linux malware toolset consisting of an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a Command and Control (C2) server. When deployed on a victim machine, the Drovorub implant (client) provides the capability for direct communications with actor-controlled C2 infrastructure (T1071.0011); file download and upload capabilities (T1041); execution of arbitrary commands as "root" (T1059.004); and port forwarding of network traffic to other hosts on the network (T1090). The kernel module rootkit uses a variety of means to hide itself and the implant on infected devices (T1014), and persists through reboot of an infected machine unless UEFI secure boot is enabled in "Full" or "Thorough" mode.
System administrators are advised to upgrade to Linux Kernel 3.7 or later in order to avoid being susceptible to attack, as well as taking precautions to ensure that only modules with valid digital signatures are loaded.
More details can be found in the NSA's advisory notice.
https://betanews.com/2020/08/14/russia-malware-linux-drovorub/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed+-+bn+-+BetaNews+Latest+News+Articles
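The three mitigations in the quoted advisory (kernel 3.7 or later, only signed modules loaded, UEFI Secure Boot on) can all be checked from a shell, and the script below is an added example for this thread, not the NSA's or BetaNews's code, that does so. It reads platform.release(), the kernel's sig_enforce parameter under /sys/module/module/parameters/, and the SecureBoot EFI variable (whose last data byte is 1 when enabled); the assess() function takes those values as arguments so the logic can be exercised with constructed inputs on any machine.

```python
import platform
import re
from pathlib import Path
from typing import List, Optional

MIN_KERNEL = (3, 7)  # minimum release named in the advisory quoted above
SIG_ENFORCE_PATH = Path("/sys/module/module/parameters/sig_enforce")
# EFI variable exposing Secure Boot state: 4 attribute bytes, then one data byte (1 = on).
SECUREBOOT_VAR = Path(
    "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
)


def parse_kernel_release(release: str) -> tuple:
    """'5.4.0-42-generic' -> (5, 4); raises on strings that do not start with a version."""
    m = re.match(r"(\d+)\.(\d+)", release)
    if not m:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    return int(m.group(1)), int(m.group(2))


def assess(release: str, sig_enforce: Optional[str], secureboot_data: Optional[bytes]) -> List[str]:
    """Return a list of findings; an empty list means all three mitigations are in place."""
    findings = []
    if parse_kernel_release(release) < MIN_KERNEL:
        findings.append(f"kernel {release} is older than 3.7; upgrade")
    if sig_enforce is None:
        findings.append("module signing is not built into this kernel (no sig_enforce parameter)")
    elif sig_enforce.strip() != "Y":
        findings.append("unsigned kernel modules can be loaded (sig_enforce is not Y)")
    if secureboot_data is None:
        findings.append("not booted via UEFI, or Secure Boot variable not readable")
    elif not secureboot_data or secureboot_data[-1] != 1:
        findings.append("UEFI Secure Boot is disabled")
    return findings


def read_optional(path: Path, binary: bool = False):
    """Read a sysfs/efivars file, returning None when it is absent or unreadable."""
    try:
        return path.read_bytes() if binary else path.read_text()
    except OSError:
        return None


def assess_this_host() -> List[str]:
    return assess(
        platform.release(),
        read_optional(SIG_ENFORCE_PATH),
        read_optional(SECUREBOOT_VAR, binary=True),
    )


if __name__ == "__main__":
    problems = assess_this_host()
    if problems:
        for p in problems:
            print("FINDING:", p)
    else:
        print("kernel version, module signature enforcement and Secure Boot all look fine")
```

Reading the EFI variable usually needs root, so run it with sudo on a real box; on a non-UEFI or non-Linux host it simply reports the Secure Boot finding rather than crashing. Note that a clean result here says nothing about whether a rootkit is already present, only that the advisory's preconditions for blocking it are met.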
Microsoft will bid farewell to Internet Explorer and legacy Edge in 2021
Microsoft will end support for Internet Explorer 11 across its Microsoft 365 apps and services next year. In exactly a year, on August 17th, 2021, Internet Explorer 11 will no longer be supported for Microsoft’s online services like Office 365, OneDrive, Outlook, and more. Microsoft is also ending support for Internet Explorer 11 with the Microsoft Teams web app later this year, with support ending on November 30th.
While it’s still going to take some time to pry enterprise users of Internet Explorer 11 away, Microsoft is hoping that the new Internet Explorer legacy mode in the Chromium-based Microsoft Edge browser will help. It will continue to let businesses access old sites that were specifically built for Internet Explorer, until Microsoft fully drops support for Internet Explorer 11 within Windows 10. Microsoft’s move to stop supporting Internet Explorer 11 with its main web properties is a good first step, though.
Microsoft will bid farewell to Internet Explorer and legacy Edge in 2021 - The Verge
I haven't really fallen in love with MS Edge either. Wonder if it's going to be on the chopping block in the next few years as well. With the speed of technological change, one never really knows what surprises the next decade holds.
Fucking chinkies at it again. Don't buy that bargain shit chinky phone off Lazada, it's a false economy.
Money-Stealing Malware Found Preloaded On Cheap Android Phones | Ubergizmo
Quote:
There are plenty of markets around the world that might not have a population that’s willing to shell out $1,000 for a smartphone. This is why there are companies that purely make cheap Android phones to sell to the masses. Obviously there are compromises when you make a cheap phone, such as using less premium materials or using lower-end hardware.
Unfortunately, it also seems that in some cases, you might end up compromising on security as well. According to a report from BuzzFeed News, it seems that there are cheap Chinese Android smartphones being sold in regions such as Africa where it has been discovered that these phones actually come preloaded with malware that will steal your money.
I feel like Africans in Africa are getting the short end of the stick much of the time. While their leaders seem to think that China and its technology are the solution, the reality on the ground doesn't quite measure up, does it.
If you think you had dodgy Internet yesterday, it wasn't just you....
Quote:
A CenturyLink BGP routing mistake has led to a ripple effect across the Internet that led to outages for numerous Internet-connected services such as Cloudflare, Amazon, Garmin, Steam, Discord, Blizzard, and many more.
These outages started at approximately 6 AM EST, when customers began reporting a wide-scale outage in the USA affecting CenturyLink services.
When performing searches on Twitter, there was a sudden influx of complaints about poor performance or outages on numerous connected services such as Blizzard, Steam, Discord, Roblox, Cloudflare, Hulu, Slink, Reddit, Amazon AWS, and many more.
CenturyLink states that their Level3 CA3 data center is causing this outage and are investigating the issue.
"Our technical teams are investigating an issue affecting some services in the CA3 data center. Ensuring the reliability of our services is our top priority. We will continue to provide status updates as this incident progresses. If you need further support, please contact us at [email protected]," CenturyLink's status page states.
This outage has since been resolved, and services are slowly recovering, with some areas taking longer than others.
Unbeknownst to many, last month Microsoft patched one of the most severe bugs ever reported to the company, an issue that could be abused to easily take over Windows Servers running as domain controllers in enterprise networks.
The bug was patched in the August 2020 Patch Tuesday under the identifier of CVE-2020-1472. It was described as an elevation of privilege in Netlogon, the protocol that authenticates users against domain controllers.
The vulnerability received the maximum severity rating of 10, but details were never made public, meaning users and IT administrators never knew how dangerous the issue really was.
Zerologon attack lets hackers take over enterprise networks: Patch now | ZDNet
For all those digital hypochondriacs out there, here's more news about Microsoft security vulnerabilities and patches within the last couple weeks. Not much comfort out there.
Microsoft Patch Tuesday, Sept. 2020 Edition — Krebs on Security
If you are dumb enough to be using Anvisoft as your antivirus, ditch it immediately.
Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack — Krebs on Security
If you use Firefox for Android, update it pronto.
Firefox for Android vulnerability allows hackers to hijack device over Wi-Fi | 2020-09-22 | Security Magazine
Quote:
Mozilla has patched a security flaw that could allow cybercriminals to hijack all vulnerable Firefox for Android browsers running on devices connected to the same Wi-Fi network. The vulnerability could be abused to force users to visit websites housing malicious content, which could then be used to execute phishing attacks or to download malware to their devices.
The vulnerability was discovered by Australian security researcher Chris Moberly, who said, “The victim simply has to have the Firefox application running on their phone. They do not need to access any malicious websites or click any malicious links. No attacker-in-the-middle or malicious app installation is required.” Moberly worked with Mozilla to fix the vulnerability with the updated Firefox version.
Suspected ransomware attack hits one of the largest hospital networks in the US
One of the US’s largest healthcare providers has been hit by what looks like a highly coordinated ransomware attack (via NBC News). Over the weekend, hospitals in the US operated by Universal Health Services started to notice problems with their IT systems, with some employees reporting that they could not access their computers.
In a statement the company shared on Monday morning, UHS said its computer network is down due to an "IT security issue." The company says it doesn't appear like employee or patient data was accessed in the incident. UHS cares for approximately 3.5 million patients each year and operates about 400 healthcare facilities across the US and UK.
"We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible," the statement reads. "Patient care continues to be delivered safely and effectively."
NBC News reports some UHS hospitals have had to fall back on filing patient information using pen and paper due to the attack. On Reddit and Twitter, there are also reports of UHS facilities redirecting ambulances to other nearby hospitals. "When the attack happened multiple antivirus programs were disabled by the attack and hard drives just lit up with activity," says one of those reports.
A UHS employee told Bleeping Computer that they saw files renamed during the attack to include a .ryk extension. That extension is associated with the Ryuk ransomware. Like most other ransomware, Ryuk encrypts files to prevent someone from accessing them until they pay a fee.
Suspected ransomware attack hits one of the largest hospital networks in the US | Engadget