Page 42 of 44 FirstFirst ... 323435363738394041424344 LastLast
Results 1,026 to 1,050 of 1081
  1. #1026
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,555
    A very simple tutorial on how to turn on Windows 10's built in Ransomware Protection.

    How to Turn on Windows 10 Ransomware Protection | Digital Trends
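The feature the linked tutorial walks through in the Windows Security app is Controlled Folder Access, and the same switch is exposed through the Defender PowerShell cmdlets. The script below is an added example, not code from the Digital Trends article: it turns the protection on, adds a folder and an allowed program (both paths are placeholders to replace with your own), and then reads back the setting and the block/audit events so you can confirm it is actually working. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the linked tutorial): enable Windows 10 Ransomware
# Protection (Controlled Folder Access) with the Defender cmdlets and verify it.
# Run as Administrator. Folder and program paths below are placeholders.

# 1. Current state before changing anything.
#    EnableControlledFolderAccess: 0 = Disabled, 1 = Enabled, 2 = AuditMode
$before = Get-MpPreference
"Before: EnableControlledFolderAccess = $($before.EnableControlledFolderAccess)"

# 2. Turn protection on. Use 'AuditMode' instead of 'Enabled' first if you want
#    to see what WOULD be blocked (event ID 1124) without blocking anything yet.
Set-MpPreference -EnableControlledFolderAccess Enabled

# 3. Protect folders beyond the Windows defaults (Documents, Pictures, ...).
#    Placeholder path: replace with the folders that hold your data.
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Projects'

# 4. Allow a trusted program that legitimately writes into protected folders;
#    anything not on this list (or not trusted by Defender) gets blocked.
#    Placeholder path.
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files\Example\backup.exe'

# 5. Read the settings back to confirm the change took effect.
$after = Get-MpPreference
"After:  EnableControlledFolderAccess = $($after.EnableControlledFolderAccess)"
"Protected folders: $($after.ControlledFolderAccessProtectedFolders -join ', ')"
"Allowed apps:      $($after.ControlledFolderAccessAllowedApplications -join ', ')"

# 6. Review what the feature has blocked (1123) or audited (1124) so far.
#    Legitimate software showing up here is the signal to add it in step 4.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

Starting in AuditMode for a few days and reviewing the 1124 events before switching to Enabled avoids the usual complaint with this feature, which is that backup tools, games and office macros suddenly fail to save until they are added to the allowed list.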

  2. #1027
    Member

    Join Date
    Jan 2020
    Last Online
    01-08-2023 @ 11:33 PM
    Posts
    510
    Quote Originally Posted by harrybarracuda View Post
    A very simple tutorial on how to turn on Windows 10's built in Ransomware Protection.

    How to Turn on Windows 10 Ransomware Protection | Digital Trends
    Good info, good timing.

  3. #1028
    Member

    Join Date
    Jan 2020
    Last Online
    01-08-2023 @ 11:33 PM
    Posts
    510
    I get why they're doing it, but not sure how I feel about the ethics of it.

    "Vigilante malware stops victims from visiting piracy websites"

Vigilante malware stops victims from visiting piracy websites | Security Affairs

  4. #1029
    Thailand Expat misskit's Avatar
    Join Date
    Dec 2009
    Last Online
    @
    Location
    Chiang Mai
    Posts
    48,094

    Ransomware hits hundreds of US companies, security firm says

    WASHINGTON (AP) — A ransomware attack paralyzed the networks of at least 200 U.S. companies on Friday, according to a cybersecurity researcher whose company was responding to the incident.


    The REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack, said John Hammond of the security firm Huntress Labs. He said the criminals targeted a software supplier called Kaseya, using its network-management package as a conduit to spread the ransomware through cloud-service providers. Other researchers agreed with Hammond’s assessment.


    “Kaseya handles large enterprise all the way to small businesses globally, so ultimately, (this) has the potential to spread to any size or scale business,” Hammond said in a direct message on Twitter. “This is a colossal and devastating supply chain attack.”


    Such cyberattacks typically infiltrate widely used software and spread malware as it updates automatically.


    It was not immediately clear how many Kaseya customers might be affected or who they might be. Kaseya urged customers in a statement on its website to immediately shut down servers running the affected software. It said the attack was limited to a “small number” of its customers.


    Brett Callow, a ransomware expert at the cybersecurity firm Emsisoft, said he was unaware of any previous ransomware supply-chain attack on this scale. There have been others, but they were fairly minor, he said.


    “This is SolarWinds with ransomware,” he said. He was referring to a Russian cyberespionage hacking campaign discovered in December that spread by infecting network management software to infiltrate U.S. federal agencies and scores of corporations.


    Cybersecurity researcher Jake Williams, president of Rendition Infosec, said he was already working with six companies hit by the ransomware. It’s no accident that this happened before the Fourth of July weekend, when IT staffing is generally thin, he added.


    “There’s zero doubt in my mind that the timing here was intentional,” he said.


Hammond of Huntress said he was aware of four managed-services providers — companies that host IT infrastructure for multiple customers — being hit by the ransomware, which encrypts networks until the victims pay off attackers. He said thousands of computers were hit.


    “We currently have three Huntress partners who are impacted with roughly 200 businesses that have been encrypted,” Hammond said.


Hammond wrote on Twitter: “Based on everything we are seeing right now, we strongly believe this (is) REvil/Sodinokibi.” The FBI linked the same ransomware provider to a May attack on JBS SA, a major global meat processor.


    The federal Cybersecurity and Infrastructure Security Agency said in a statement late Friday that it is closely monitoring the situation and working with the FBI to collect more information about its impact.


    CISA urged anyone who might be affected to “follow Kaseya’s guidance to shut down VSA servers immediately.” Kaseya runs what’s called a virtual system administrator, or VSA, that’s used to remotely manage and monitor a customer’s network.


    The privately held Kaseya says it is based in Dublin, Ireland, with a U.S. headquarters in Miami. The Miami Herald recently described it as “one of Miami’s oldest tech companies” in a report about its plans to hire as many as 500 workers by 2022 to staff a recently acquired cybersecurity platform.


    Brian Honan, an Irish cybersecurity consultant, said by email Friday that “this is a classic supply chain attack where the criminals have compromised a trusted supplier of companies and have abused that trust to attack their customers.”


    He said it can be difficult for smaller businesses to defend against this type of attack because they “rely on the security of their suppliers and the software those suppliers are using.”


    The only good news, said Williams, of Rendition Infosec, is that “a lot of our customers don’t have Kaseya on every machine in their network,” making it harder for attackers to move across an organization’s computer systems.


    That makes for an easier recovery, he said.


    Active since April 2019, the group known as REvil provides ransomware-as-a-service, meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion’s share of ransoms.


    REvil is among ransomware gangs that steal data from targets before activating the ransomware, strengthening their extortion efforts. The average ransom payment to the group was about half a million dollars last year, said the Palo Alto Networks cybersecurity firm in a recent report.


    Some cybersecurity experts predicted that it might be hard for the gang to handle the ransom negotiations, given the large number of victims — though the long U.S. holiday weekend might give it more time to start working through the list.


    Ransomware hits hundreds of US companies, security firm says

  5. #1030
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,555
    Damn, if only there was a Security News thread for things like this...

  6. #1031
    Member

    Join Date
    Jan 2020
    Last Online
    01-08-2023 @ 11:33 PM
    Posts
    510
    Wonder if this will destroy Kaseya or make it stronger.

    Solarwinds, though it's become a byword for supply chain attacks, doesn't appear to be struggling too much.

  7. #1032
    Member

    Join Date
    Jan 2020
    Last Online
    01-08-2023 @ 11:33 PM
    Posts
    510
    Update: "Kaseya Rules Out Supply-Chain Attack; Says VSA 0-Day Hit Its Customers Directly"

    Kaseya Rules Out Supply-Chain Attack; Says VSA 0-Day Hit Its Customers Directly

  8. #1033
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,555
    D-Link has issued a firmware hotfix to address multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router.

    Following successful exploitation, they can let attackers execute arbitrary code on unpatched routers, gain access to sensitive information or crash the routers after triggering a denial of service state.

The DIR-3040 security flaws discovered and reported by Cisco Talos security researcher Dave McDaniel include hardcoded passwords, command injection, and information disclosure bugs.


    D-Link issues hotfix for hard-coded password router vulnerabilities

  9. #1034
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,555
    Chinky bastards at it again.

    CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have observed increasingly sophisticated Chinese state-sponsored activity targeting U.S. political, economic, military, educational, and critical infrastructure personnel and organizations. In response:

    • The Department of Justice has indicted four Chinese cyber actors from the advanced persistent threat (APT) group APT40 for malicious cyber activities, carried out on orders from PRC Ministry of State Security (MSS) Hainan State Security Department (HSSD). These activities resulted in the theft of trade secrets, intellectual property, and other high-value information from companies and organizations in the United States and abroad, as well as from multiple foreign governments.

    • CISA, NSA and FBI have released Joint Cybersecurity Advisory: Chinese Observed TTPs, which describes Chinese cyber threat behavior and trends and provides mitigations to help protect the Federal Government; state, local, tribal, and territorial governments; critical infrastructure, defense industrial base, and private industry organizations.

  10. #1035
    Thailand Expat lom's Avatar
    Join Date
    Jan 2006
    Last Online
    @
    Location
    on my way
    Posts
    11,453
    Quote Originally Posted by harrybarracuda View Post
    Microsoft Exchange server
    a fitting name for that product, innit?

  11. #1036
    Member

    Join Date
    Jan 2020
    Last Online
    01-08-2023 @ 11:33 PM
    Posts
    510
    Quote Originally Posted by harrybarracuda View Post
    Chinky bastards at it again.
    I don't get why China denies any involvement. One would think such hacking feats would bring glory to the nation, the party, or something.

  12. #1037
    Member

    Join Date
    Jan 2020
    Last Online
    01-08-2023 @ 11:33 PM
    Posts
    510
    More printer vulnerabilities: "Hundreds of millions of HP, Xerox, and Samsung printers vulnerable to new bug."

    Hundreds of millions of HP, Xerox, and Samsung printers vulnerable to new bug - The Record by Recorded Future

  13. #1038
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,555
    Well shit.

    The world woke up on Tuesday to two new vulnerabilities—one in Windows and the other in Linux—that allow hackers with a toehold in a vulnerable system to bypass OS security restrictions and access sensitive resources.

    As operating systems and applications become harder to hack, successful attacks typically require two or more vulnerabilities.

    One vulnerability allows the attacker access to low-privileged OS resources, where code can be executed or sensitive data can be read.

    A second vulnerability elevates that code execution or file access to OS resources reserved for password storage or other sensitive operations. The value of so-called local privilege escalation vulnerabilities, accordingly, has increased in recent years.
    Two-for-Tuesday vulnerabilities send Windows and Linux users scrambling | Ars Technica

  14. #1039
    Excommunicated baldrick's Avatar
    Join Date
    Apr 2006
    Last Online
    Today @ 12:10 AM
    Posts
    24,760
    Quote Originally Posted by harrybarracuda View Post
    and the other in Linux
    1/ We mkdir() a deep directory structure (roughly 1M nested directories)
    you wouldn't want to do that manually

  15. #1040
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,555
    Quote Originally Posted by baldrick View Post
    you wouldn't want to do that manually
    As someone pointed out, I'm surprised that didn't blow up the system.

  16. #1041
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,555
    Chinky bastards at it again.

Chinese state-sponsored attackers have breached 13 US oil and natural gas (ONG) pipeline companies between December 2011 and 2013 following a spear-phishing campaign targeting their employees.
    The end goal of the attacks was to help China develop cyberattack capabilities that would allow future intrusions to physically damage targeted pipelines or disrupt US pipeline operations.
    Chinese state hackers breached over a dozen US pipeline operators

  17. #1042
    Member

    Join Date
    Jan 2020
    Last Online
    01-08-2023 @ 11:33 PM
    Posts
    510
    At this rate, one must assume that China/Russia/NK or whoever has accessed pretty much everything there is to access. I'm sure the things we hear about in the news are just the tip of the iceberg of what's actually known. And what's known but not revealed by companies and governments is probably only the tip of the iceberg on intrusions as a whole, most of which go undetected.

  18. #1043
    Excommunicated baldrick's Avatar
    Join Date
    Apr 2006
    Last Online
    Today @ 12:10 AM
    Posts
    24,760
    Quote Originally Posted by TTraveler View Post
    has accessed pretty much everything there is to access
    everything that is easy to access

    China state hackers are compromising large numbers of home and office routers for use in a vast and ongoing attack against organizations in France, authorities from that county said.
    Home and office routers come under attack by China state hackers, France warns | Ars Technica

if you are forced to use an ISP supplied router to connect, then be sure to put your own router behind it for your local network

  19. #1044
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,555
    Quote Originally Posted by baldrick View Post
    if you are forced to use an ISP supplied router to connect , then be sure to put your own router behind it for your local network
    Especially if your ISP supplied router is a Huawei.

  20. #1045
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,555
    StrongPity APT targets Android devices.

    Researchers at Trend Micro say the StrongPity APT is developing and deploying Android backdoors for the first time. The threat actor is using compromised websites as watering-holes to trick users into installing malicious Android apps:
    "There are no known public reports of StrongPity using malicious Android applications in their attacks at the time of writing. In order to strengthen our confidence in the accuracy of our attribution to StrongPity, we decided to further examine some of their samples that were used to target Microsoft Windows platforms and see if we could identify similar tools, tactics, and procedures (TTPs) in their actions.
    "Just as we have seen with the Android apps, the StrongPity group favors repacking benign installers to produce trojanized versions of these applications. Likewise, the main function of these backdoors is to search, harvest, and exfiltrate files from the victim’s computers."

    https://thecyberwire.com/newsletters...-briefing/3/30

  21. #1046
    Member

    Join Date
    Jan 2020
    Last Online
    01-08-2023 @ 11:33 PM
    Posts
    510
China is changing the meaning of security as we know it. Instead of keeping information safe from 3rd parties, to China, security means making information easily accessible to government organs. At least that's how I interpret this activity.

    Tencent suspends signups to WeChat, citing 'security upgrade' and need to comply with Chinese laws

    Promises everything will be back to normal sometime in early August
    Tencent suspends signups to WeChat, citing 'security upgrade' and need to comply with Chinese laws • The Register

  22. #1047
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,555
    Quote Originally Posted by TTraveler View Post
China is changing the meaning of security as we know it. Instead of keeping information safe from 3rd parties, to China, security means making information easily accessible to government organs. At least that's how I interpret this activity.

    Tencent suspends signups to WeChat, citing 'security upgrade' and need to comply with Chinese laws • The Register
    No, you're right, the chinky bastards demand access to company networks pretending that it's for "security".

    It's all part of their IP theft approach to doing business.

  23. #1048
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,555
    Be careful with your Kindle and "free" ebooks. Attackers can now insert malware and take control of your Kindle and possibly Amazon account.

    Your Amazon Kindle and your Amazon account could be hacked by just opening a single ebook, according to research published Friday as part of the DEF CON security conference taking place in Las Vegas this week.

    Once the malicious book is opened, a remote hacker could delete all books on the device and could steal the authentication token used to get into an Amazon account, according to the proof of concept attack developed by researchers at Israel-based cybersecurity company Check Point. “Equipped with these tokens the attacker would now be able to access the victims Amazon account and perform anything on his behalf,” said Yaniv Balmas, head of cyber research at Check Point. An attacker could have also used the Kindle as a launchpad for attacking other devices on a local WiFi network.
    Amazon Kindle Hack Needs Just One Evil Ebook To Take Over Your Ereader—And Maybe Your Amazon Account Too

  24. #1049
    Excommunicated baldrick's Avatar
    Join Date
    Apr 2006
    Last Online
    Today @ 12:10 AM
    Posts
    24,760
    Quote Originally Posted by harrybarracuda View Post
    No, you're right, the chinky bastards demand access to company networks pretending that it's for "security".
    they will soon be able to see butterfluffers arsehole when they get access to the photos on his iphone

  25. #1050
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,555
    Actively exploited bug bypasses authentication on millions of routers

    "Vulnerable devices include dozens of router models from multiple vendors and ISPs, including Asus, British Telecom, Deutsche Telekom, Orange, O2 (Telefonica), Verizon, Vodafone, Telstra, and Telus.


    Based on the number of router models and the long list of vendors impacted by this bug, the total number of devices exposed to attacks likely reaches millions of routers."

    Actively exploited bug bypasses authentication on millions of routers

    Multiple Vulnerabilities in Buffalo and Arcadyan manufactured routers - Research Advisory | Tenable(R)
