Posted 1/28/22 6:13am
(credit: Getty Images)

A fake two-factor-authentication app that has been downloaded some 10,000 times from Google Play surreptitiously installed a known banking-fraud trojan that scoured infected phones for financial data and other personal information, security firm Pradeo said.

2FA Authenticator went live on Google Play two weeks ago, posing as an alternative to legitimate 2FA apps from Google, Twilio, and other trusted companies. In fact, researchers from Pradeo said on Thursday, the app steals personal data from user devices and uses it to determine whether infected phones should download and install a banking trojan already known to have infected thousands of phones in the past.

The vulturs are circling

Discovered last year by security firm ThreatFabric, Vultur is an advanced piece of Android malware. One of its many innovations is its use of a real implementation of the VNC screen-sharing application to mirror the screens of infected devices so attackers can glean, in real time, login credentials and other sensitive data from banking and finance apps.

[Category: Biz & IT]

Posted 1/28/22 4:45am
Drowning in a sea of data. (credit: Getty Images)

As Internet attacks go, data floods designed to knock servers offline are among the crudest, akin to a brutish caveman wielding a club to clobber his rival. Over the years, those clubs have grown ever larger. New data provided by Microsoft on Thursday shows there's no end in sight to that growth.

The company's Azure DDoS Protection team said that, in November, it fended off what industry experts say is likely the biggest distributed denial-of-service attack ever: a torrent of junk data with a throughput of 3.47 terabytes per second. The record DDoS came from more than 10,000 sources located in at least 10 countries around the world.

DDoS arms race

The DDoS targeted an unidentified Azure customer in Asia and lasted for about two minutes.

[Category: Biz & IT, amplification, DDoS, distributed denial of service, reflection]

Posted 1/27/22 1:36pm
(credit: Apple)

If you're using either Dropbox or Microsoft OneDrive to sync files on a Mac, you'll want to pay attention to the release notes for today's macOS 12.3 beta: the update is deprecating a kernel extension used by both apps to download files on demand. The extension means that files are available when you need them but don't take up space on your disk when you don't. Apple says that "both service providers have replacements for this functionality currently in beta."

Both Microsoft and Dropbox started alerting users to this change before the macOS beta even dropped. Dropbox's page is relatively sparse. The page notifies users that Dropbox's online-only file functionality will break in macOS 12.3 and that a beta version of the Dropbox client with a fix will be released in March.

Microsoft's documentation for OneDrive's Files On-Demand feature is more detailed. It explains that Microsoft will be using Apple's File Provider extensions for future OneDrive versions, that the new Files On-Demand feature will be on by default, and that Files On-Demand will be supported in macOS 12.1 and later.

[Category: Biz & IT, Tech, dropbox, MacOS, onedrive]

Posted 1/26/22 3:05pm
(credit: Getty Images)

A banking-fraud trojan that has been targeting Android users for three years has been updated to create even more grief. Besides draining bank accounts, the trojan can now activate a kill switch that performs a factory reset and wipes infected devices clean.

Brata was first documented in a post from security firm Kaspersky, which reported that the Android malware had been circulating since at least January 2019. The malware spread primarily through Google Play but also through third-party marketplaces, push notifications on compromised websites, sponsored links on Google, and messages delivered by WhatsApp or SMS. At the time, Brata targeted people with accounts from Brazil-based banks.

Covering its malicious tracks

Now Brata is back with a host of new capabilities, the most significant of which is the ability to perform a factory reset on infected devices to erase any trace of the malware after an unauthorized wire transfer has been attempted. Security firm Cleafy Labs, which first reported the kill switch, said other features recently added to Brata include GPS tracking, improved communication with control servers, the ability to continuously monitor victims' bank apps, and the ability to target the accounts of banks located in additional countries. The trojan now works with banks located in Europe, the US, and Latin America.

[Category: Biz & IT, android, bank fraud, factory reset, malware]

Posted 1/25/22 6:55pm
(credit: Getty Images)

Linux users on Tuesday got a major dose of bad news: a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running most major distributions of the open source operating system.

Previously called PolicyKit, Polkit manages system-wide privileges in Unix-like OSes. It provides a mechanism for nonprivileged processes to safely interact with privileged processes. It also allows users to execute commands with high privileges by using a component called pkexec, followed by the command.

Trivial to exploit and 100 percent reliable

Like most OSes, Linux provides a hierarchy of permission levels that controls when and how apps or users can interact with sensitive system resources. The design is intended to limit the damage that can happen if a user isn't trusted to have administrative control of a network or if an app is hacked or malicious.

[Category: Biz & IT, exploits, linux security, vulnerabilities]

Posted 1/25/22 2:31pm
(credit: Getty Images)

Researchers have uncovered advanced, never-before-seen macOS malware that was installed using exploits that were almost impossible for most users to detect or stop once the users landed on a malicious website. The malware was a full-featured backdoor that was written from scratch, an indication that the developers behind it have significant resources and expertise.

DazzleSpy, as researchers from security firm Eset have named it, provides an array of advanced capabilities that give the attackers the ability to fully monitor and control infected Macs. Features include:

- victim device fingerprinting
- screen capture
- file download/upload
- execution of terminal commands
- audio recording
- keylogging

Deep pockets, top-notch talent

Mac malware has become more common over the years, but the universe of advanced macOS backdoors remains considerably smaller than that of advanced backdoors for Windows. The sophistication of DazzleSpy, as well as the exploit chain used to install it, is impressive. It also doesn't appear to have any corresponding counterpart for Windows. This has led Eset to say that the people who developed DazzleSpy are unusual.

[Category: Biz & IT, backdoor, exploits, MacOS, malware]

Posted 1/25/22 1:03pm
The current Starlink user terminal. Images of the planned ruggedized terminal aren't available yet. (credit: Starlink)

SpaceX's Starlink division is planning a new ruggedized satellite dish that can operate in hotter and colder temperatures. This is the second ruggedized Starlink dish the company has revealed; the first is designed for vehicles, ships, and aircraft, while the newer one is a fixed earth station that would provide broadband to buildings.

SpaceX asked the Federal Communications Commission for permission to deploy the "high-performance fixed earth stations" (or "HP terminals") in an application filed Friday. PCMag wrote an article about the application yesterday.

"Compared to other user terminals SpaceX Services has been authorized to deploy, the HP model has been ruggedized to handle harsher environments so that, for example, it will be able to continue to operate at greater extremes of heat and cold, will have improved snow/ice melt capabilities, and will withstand a greater number of thermal cycles," SpaceX told the FCC. SpaceX said its application should be approved because the terminals will extend the Starlink network to "a range of much more challenging environments."

[Category: Biz & IT, spacex, starlink]

Posted 1/24/22 4:20pm
(credit: The_Grim_Sleeper)

Bandai Namco, publisher of the Dark Souls role-playing game series, has taken down its player-versus-player servers while it investigates reports of a serious vulnerability that allows players to execute malicious code on the PCs of fellow players.

Word of the critical remote-code-execution flaw emerged over the weekend in two Reddit threads. An exploit that hit a user named The_Grim_Sleeper was captured in a video stream posted over the weekend. Starting around 1:20:22, the user's game crashed, and a robotic voice mocked his gameplay and maturity level.

"What the fuck," The_Grim_Sleeper said in response. "My game just crashed, and immediately Powershell opened up and started narrating a fucking" screed. "I didn't even know that shit was possible."

[Category: Biz & IT, Dark Souls, exploit, games, hack, vulnerability]

Posted 1/24/22 3:45pm
(credit: Getty Images | zf L)

AT&T has started offering 2Gbps and 5Gbps symmetrical Internet speeds over its fiber-to-the-home network, the telecom company announced today. The multi-gigabit speeds are available to "nearly 5.2 million customer locations in parts of more than 70 metro areas, such as LA, Atlanta, and Dallas," AT&T said.

AT&T is charging $110 per month plus taxes for its 2Gbps home-Internet plan and $180 per month plus taxes for the 5Gbps home-Internet plan. Business fiber prices are $225 per month for 2Gbps and $395 for 5Gbps. Base prices for other fiber home-Internet plans are $55 for 300Mbps, $65 for 500Mbps, and $80 for 1Gbps. The fine print notes that a "$99 installation fee may apply."

AT&T imposes data caps on lower-end home-Internet plans but provides unlimited data on tiers with speeds of 100Mbps and above. AT&T's announcement said its new fiber plans have "no equipment fees, no annual contract, no data caps, and no price increase at 12 months." The 1Gbps and multi-gigabit plans also include HBO Max access.

[Category: Biz & IT, AT&T, fiber]

Posted 1/24/22 12:57pm
Servicemen of Russia's Eastern Military District units attend a welcoming ceremony as they arrive in Belarus to take part in joint military exercises. Russia's military is combining its own means of transport with train travel. (credit: Getty Images)

Hacktivists in Belarus said on Monday they had infected the network of the country's state-run railroad system with ransomware and would provide the decryption key only if Belarus President Alexander Lukashenko stopped aiding Russian troops ahead of a possible invasion of Ukraine.

Referring to the Belarus Railway, a group calling itself Cyber Partisans wrote on Telegram:

"BelZhD, at the command of the terrorist Lukashenko, these days allows the occupying troops to enter our land. As part of the "Peklo" cyber campaign, we encrypted the bulk of the servers, databases and workstations of the BelZhD in order to slow down and disrupt the operation of the road. The backups have been destroyed. Dozens of databases have been cyberattacked, including AS-Sledd, AS-USOGDP, SAP, AC-Pred, pass.rw.by, uprava, IRC, etc. Automation and security systems were deliberately NOT affected by a cyber attack in order to avoid emergency situations."

The group also announced the attack on Twitter.

[Category: Biz & IT, Policy, Belarus, hacktivism, ransomware, russia]

Posted 1/22/22 10:47am
Patriot Front members spray-painting in Springfield, Illinois. (credit: Unicornriot.ninja)

Chat messages, images, and videos leaked from the server of a white supremacist group called Patriot Front purport to show its leader and rank-and-file members conspiring in hate crimes, despite their claims that they are a legitimate political organization.

Patriot Front, or PF, formed in the aftermath of the 2017 Unite the Right rally in Charlottesville, Virginia, in which one attendee rammed his car into a crowd of counterprotesters, killing one and injuring 35 others. PF founder Thomas Rousseau started the group after an image posted online showed the now-convicted killer, James Alex Fields Jr., posing with members of white supremacist group Vanguard America shortly before the attack. Vanguard America soon dissolved, and Rousseau rebranded it as PF with the goal of hiding any involvement in violent acts.

"James Alex Fields was w/ the Vanguard America folks in #Charlottesville. Learn more about the group > https://t.co/HNloF8Btnf @ADL_National pic.twitter.com/TmJLi0kfZo" — Oren Segal (@orensegal), August 13, 2017

Since then, PF has strived to present itself as a group of patriots who are aligned with the ideals and values of America's 18th-century founders. In announcing the formation of PF in 2017, Rousseau wrote:

[Category: Biz & IT, data breach, leaks, patriot front]

Posted 1/22/22 5:15am
Sam Zeloof completed this homemade computer chip with 1,200 transistors, seen under a magnifying glass, in August 2021. (credit: Sam Kang)

In August, chipmaker Intel revealed new details about its plan to build a "mega-fab" on US soil, a $100 billion factory where 10,000 workers will make a new generation of powerful processors studded with billions of transistors. The same month, 22-year-old Sam Zeloof announced his own semiconductor milestone. It was achieved alone in his family's New Jersey garage, about 30 miles from where the first transistor was made at Bell Labs in 1947.

With a collection of salvaged and homemade equipment, Zeloof produced a chip with 1,200 transistors. He had sliced up wafers of silicon, patterned them with microscopic designs using ultraviolet light, and dunked them in acid by hand, documenting the process on YouTube and his blog. "Maybe it's overconfidence, but I have a mentality that another human figured it out, so I can, too, even if maybe it takes me longer," he says.

[Category: Biz & IT, Gaming & Culture, Tech, chipmaking, maker, x86]

Posted 1/21/22 2:01pm
(credit: Getty Images)

Dozens of legitimate WordPress add-ons downloaded from their original sources have been found backdoored through a supply chain attack, researchers said. The backdoor has been found on "quite a few" sites running the open source content management system.

The backdoor gave the attackers full administrative control of websites that used at least 93 WordPress plugins and themes downloaded from AccessPress Themes. The backdoor was discovered by security researchers from Jetpack, the maker of security software owned by Automattic, provider of the WordPress.com hosting service and a major contributor to the development of WordPress. In all, Jetpack found that 40 AccessPress themes and 53 plugins were affected.

Unknowingly providing access to the attacker

In a post published Thursday, Jetpack researcher Harald Eilertsen said timestamps and other evidence suggested the backdoors were introduced intentionally in a coordinated action after the themes and plugins were released. The affected software was available by download directly from the AccessPress Themes site. The same themes and plugins mirrored on WordPress.org, the official developer site for the WordPress project, remained clean.

[Category: Biz & IT, backdoors, malware, supply chain attack]

Posted 1/19/22 6:17pm
(credit: Getty Images)

The Red Cross on Wednesday pleaded with the threat actors behind a cyberattack that stole the personal data of about 515,000 people who used a program that works to reunite family members separated by conflict, disaster, or migration.

"While we don't know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them," Robert Mardini, the director-general of the International Committee of the Red Cross, said in a release. "Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world's least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data."

Wednesday's release said the personal data was obtained through the hack of a Switzerland-based subcontractor that stores data for the Red Cross. The data was compiled by at least 60 different Red Cross and Red Crescent National Societies worldwide. The ICRC said it has no "immediate indications as to who carried out this cyber-attack" and is so far unaware of any of the compromised information being leaked or shared publicly.

[Category: Biz & IT, cyberattack, data breach, hacking, Red Cross]

Posted 1/19/22 3:28pm
(credit: Western Digital)

Western Digital has patched three critical vulnerabilities, one with a severity rating of 9.8 and another with a 9.0, that make it possible for hackers to steal data or remotely hijack storage devices running version 3 of the company's My Cloud OS.

CVE-2021-40438, as one of the vulnerabilities is tracked, allows remote attackers with no authentication to make devices forward requests to servers of the attacker's choosing. Like the other two flaws Western Digital fixed, it resides in the Apache HTTP Server versions 2.4.48 and earlier. Attackers have already successfully exploited it to steal hashed passwords from a vulnerable system, and exploit code is readily available.

The vulnerability, with a severity rating of 9 out of a maximum 10, stems from a Server-Side Request Forgery. This class of bug lets attackers funnel malicious requests to internal systems that are behind firewalls or otherwise not accessible outside a private network. It works by inducing server-side applications to make HTTP requests to an arbitrary domain of the attacker's choosing.
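The following is an added illustration of the bug class described above, not Western Digital's or Apache's code and not the mod_proxy fix itself. A request-forwarding feature that hands a caller-supplied URL straight to its HTTP client is the vulnerable shape; the hardened version pins the scheme, refuses IP literals in private, loopback or link-local ranges, restricts the port, and requires the host to be on an allowlist. The allowlist entries (api.example.com, cdn.example.com) and the sample URLs are constructed for the example.

```python
"""SSRF: the vulnerable target check beside a hardened one.

Added example. Nothing here performs a network request; both functions
only decide which URL the server-side HTTP client would be handed.
"""
import ipaddress
from typing import Optional
from urllib.parse import urlsplit

# Hypothetical allowlist of hosts this application legitimately proxies to.
ALLOWED_HOSTS = {"api.example.com", "cdn.example.com"}
ALLOWED_PORTS = {None, 80, 443}  # None means "scheme default"


def vulnerable_target(url: str) -> str:
    """Vulnerable: whatever host the caller names is where the server
    connects, including hosts only reachable from inside the network."""
    return url


def _is_internal_ip(host: str) -> bool:
    """True when 'host' is an IP literal that should never be a proxy
    destination (RFC 1918, loopback, link-local such as 169.254.0.0/16,
    unspecified, multicast or otherwise reserved). Hostnames return False
    and are left to the allowlist check."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_unspecified or ip.is_multicast or ip.is_reserved)


def hardened_target(url: str) -> Optional[str]:
    """Return the URL if it is an acceptable forwarding target, else None.

    Checks, in order: http/https only; a hostname must be present (urlsplit's
    .hostname ignores any user@ prefix, so 'http://api.example.com@evil/'
    resolves to 'evil'); no internal IP literals; a sane port; and finally
    the host must be explicitly allowlisted.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return None
    host = parts.hostname  # lowercased by urlsplit, IPv6 brackets removed
    if not host:
        return None
    if _is_internal_ip(host):
        return None
    try:
        port = parts.port  # raises ValueError for non-numeric/out-of-range
    except ValueError:
        return None
    if port not in ALLOWED_PORTS:
        return None
    if host not in ALLOWED_HOSTS:
        return None
    return url


if __name__ == "__main__":
    # Constructed sample inputs: a cloud metadata endpoint, an IPv6 loopback
    # admin port, a file URL, a userinfo trick, and two legitimate-looking URLs.
    samples = [
        "http://169.254.169.254/latest/meta-data/",
        "http://[::1]:8080/admin",
        "file:///etc/passwd",
        "http://api.example.com@evil.example/x",
        "https://api.example.com/v1/items",
        "https://cdn.example.com:8443/x",
    ]
    for s in samples:
        print(f"{s!r:48} vulnerable={vulnerable_target(s)!r:48} "
              f"hardened={hardened_target(s)!r}")
```

Two caveats a practitioner would add. First, an allowlisted hostname can still resolve to an internal address (DNS rebinding), so the check that matters most is on the address the client actually connects to, not on the name in the URL. Second, for a product like My Cloud OS the fix is the vendor update that replaces the affected Apache version; the code above shows the bug class, not a substitute for patching.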

[Category: Biz & IT, exploits, my cloud os, vulnerabilities, Western Digital]

Posted 1/19/22 2:28pm
A Boeing 777. (credit: Boeing)

The Federal Aviation Administration today said it has cleared 62 percent of US commercial airplanes to perform low-visibility landings at airports where AT&T and Verizon are deploying 5G on C-band spectrum this week.

Several international airlines previously canceled some flights to the US after Boeing issued a recommendation to not fly the 777 into airports where carriers are deploying 5G on the C-band. However, the 777 planes, or at least those that have altimeters capable of filtering out C-band transmissions, were on the FAA's new list of cleared aircraft. The FAA has been granting Alternate Means of Compliance (AMOCs) to operators with altimeters that are safe to use.

"Airplane models with one of the five cleared altimeters include some Boeing 717, 737, 747, 757, 767, 777, MD-10/-11 and Airbus A300, A310, A319, A320, A330, A340, A350 and A380 models," the FAA said in a statement issued shortly after 2 pm EST today. These airplanes are now authorized "to perform low-visibility landings at airports where wireless companies deployed 5G C-band," the FAA said. The word "some" indicates that not every plane with the mentioned model numbers has an approved altimeter.

[Category: Biz & IT, Policy, 5G, altimeters, AT&T, Boeing, c-band, FAA, verizon]

Posted 1/18/22 12:32pm
(credit: Aurich Lawson)

Microsoft's monthly Patch Tuesday updates for Windows are generally meant to fix problems, but that isn't how it always goes. January's updates, released last week, caused a handful of problems for businesses in particular. The most serious, especially for people still dealing with pandemic-driven remote-work setups, was a bug that broke certain kinds of VPN connections. Microsoft has provided fixes for this and other issues as of today, a few days after acknowledging the problem on its Known Issues page.

According to Microsoft's documentation and reporting from Bleeping Computer, the VPN connection issues affected "IPSEC connections which contain a Vendor ID," as well as L2TP and IPSEC IKE VPN connections in Windows 10, Windows 11, and Windows Server versions 2022, 20H2, 2019, and 2016. Windows' built-in VPN client seems to be the most commonly affected, but third-party VPN clients using these kinds of connections could also run into the error.

The latest round of Patch Tuesday updates also caused some problems for Windows Server, including unexpected reboots for domain controllers and failed boots for Hyper-V virtual machines. These problems have all been resolved by other out-of-band patches, though not before causing problems for beleaguered IT admins.

[Category: Biz & IT, Tech, microsoft, patch tuesday]

Posted 1/18/22 11:14am
(credit: Getty Images)

For the past four months, Apple's iOS and iPadOS devices and Safari browser have violated one of the Internet's most sacrosanct security policies. The violation results from a bug that leaks user identities and browsing activity in real time.

The same-origin policy is a foundational security mechanism that forbids documents, scripts, or other content loaded from one origin (meaning the protocol, domain name, and port of a given webpage or app) from interacting with resources from other origins. Without this policy, malicious sites, say, badguy.example.com, could access login credentials for Google or another trusted site when it's open in a different browser window or tab.

Obvious privacy violation

Since September's release of Safari 15 and iOS and iPadOS 15, this policy has been broken wide open, research published late last week found. As a demo site graphically reveals, it's trivial for one site to learn the domains of sites open in other tabs or windows, as well as user IDs and other identifying information associated with the other sites.
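To make the definition above concrete, here is an added example (not Apple's code, nor the researchers' demo) of the comparison a browser performs when deciding whether two URLs share an origin: only scheme, host and port are compared, with an explicit default port (80 for http, 443 for https) treated the same as no port, and with path, query and fragment ignored. The URLs are constructed for the example; badguy.example.com is taken from the text.

```python
"""Same-origin comparison, as a browser performs it.

Added example. Two URLs are same-origin when their (scheme, host, port)
triples match after normalising case and default ports.
"""
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Default ports per scheme: http://a.example:80/ and http://a.example/ are
# the same origin; the explicit port adds no information.
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url: str) -> Tuple[str, Optional[str], Optional[int]]:
    """Return the origin triple (scheme, host, port) for 'url'.

    urlsplit lowercases .hostname and strips IPv6 brackets, so case
    differences in the host do not create distinct origins. Schemes without
    a known default port keep None, which still compares correctly.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = parts.hostname
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def same_origin(a: str, b: str) -> bool:
    """True when a document at 'a' may freely read resources from 'b'
    under the same-origin policy."""
    return origin(a) == origin(b)


if __name__ == "__main__":
    # Constructed pairs: same site, differing only in path/query/fragment and
    # an explicit default port; then scheme, subdomain and port mismatches.
    pairs = [
        ("https://mail.example.com/inbox", "https://mail.example.com:443/settings?x=1#top"),
        ("https://mail.example.com/", "http://mail.example.com/"),
        ("https://badguy.example.com/", "https://example.com/"),
        ("https://example.com/", "https://example.com:8443/"),
    ]
    for a, b in pairs:
        print(f"{a!r:40} {b!r:48} same_origin={same_origin(a, b)}")
```

Note that this is the rule as the browser is supposed to enforce it; the Safari bug reported here was a failure of that enforcement inside the browser, which no page can compensate for in its own code. Cookies, incidentally, are scoped by a different and looser rule (domain and path, not origin), so a cookie-based check is not a substitute for origin isolation.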

[Category: Biz & IT, apple, iOS, iPadOS, privacy, Safari]

Posted 1/17/22 4:19pm
(credit: Getty Images)

Over the past few months, geopolitical tensions have escalated as Russia amassed tens of thousands of troops along Ukraine's border and made subtle but far-reaching threats if Ukraine and NATO don't agree to Kremlin demands. Now, a similar dispute is playing out in cyber arenas, as unknown hackers late last week defaced scores of Ukrainian government websites and left a cryptic warning to Ukrainian citizens who attempted to receive services.

Be afraid and expect the worst

"All data on the computer is being destroyed, it is impossible to recover it," said a message, written in Ukrainian, Russian, and Polish, that appeared late last week on at least some of the infected systems. "All information about you has become public, be afraid and expect the worst."

[Category: Biz & IT, Policy, diskwiper, microsoft, russia, Ukraine, whispergate]

Posted 1/16/22 3:34pm
The past year saw a breathtaking rise in the value of cryptocurrencies like Bitcoin and Ethereum, with Bitcoin gaining 60 percent in value in 2021 and Ethereum spiking 80 percent. So perhaps it's no surprise that the relentless North Korean hackers who feed off that booming crypto economy had a very good year as well.

North Korean hackers stole a total of $395 million worth of crypto coins last year across seven intrusions into cryptocurrency exchanges and investment firms, according to blockchain analysis firm Chainalysis. The nine-figure sum represents a nearly $100 million increase over the previous year's thefts by North Korean hacker groups, and it brings their total haul over the past five years to $1.5 billion in cryptocurrency alone, not including the uncounted hundreds of millions more the country has stolen from the traditional financial system. That hoard of stolen cryptocurrency now contributes significantly to the coffers of Kim Jong-un's totalitarian regime as it seeks to fund itself, and its weapons programs, despite the country's heavily sanctioned, isolated, and ailing economy.

[Category: Biz & IT, Policy, cryptocurrency, hacking, North Korea]

As of 1/28/22 3:49pm. Last new 1/28/22 8:56am.