Submission + - Google Chrome Hit in Another Mysterious Zero-Day Attack (securityweek.com)

wiredmikey writes: Google late Tuesday shipped another urgent security patch for its dominant Chrome browser and warned that attackers are exploiting one of the zero-days in active attacks. This is the fourth in-the-wild Chrome zero-day discovered so far in 2021, and the continued absence of IOC data or any meaningful information about the attacks continues to raise eyebrows among security experts. “Google is aware of reports that exploits for CVE-2021-21224 exist in the wild,” the company said, with no additional details.

Submission + - Codecov Bash Uploader Compromised in Supply Chain Hack (securityweek.com)

wiredmikey writes: Security response professionals are scrambling to measure the fallout from a software supply chain compromise of Codecov Bash Uploader that went undetected since January and exposed sensitive secrets like tokens, keys and credentials from organizations around the world.

“This is a significant compromise. [We are now] working to figure out blast radius, given that this was exfiltrating credentials for several months,” a Silicon Valley security response professional told SecurityWeek.

The hack occurred four months ago but was only discovered in the wild by a Codecov customer on the morning of April 1, 2021, the company said. Codecov is considered the vendor of choice for measuring code coverage in the tech industry. The company’s tools help developers understand and measure lines of code executed by a test suite and are widely deployed in big tech development pipelines.

Submission + - Cyberattack Forces Brewery Shutdown at Molson Coors (securityweek.com)

wiredmikey writes: Incident responders at Molson Coors are not living the high life today, as they scramble to recover from a cyberattack that impacted brewery operations, production, and shipments. The iconic beer maker did not provide technical details, but said it was “actively managing” the incident and working around the clock to get its systems back up as quickly as possible. The company produces several iconic beer brands including Coors Light, Miller Lite, Molson Canadian, Carling, Coors Banquet, Blue Moon and others.

Submission + - Microsoft Warns of Exchange Server Zero-Days Under Attack (securityweek.com)

wiredmikey writes: Microsoft late Tuesday raised the alarm after discovering Chinese cyber-espionage operators chaining multiple zero-day exploits to siphon e-mail data from corporate Microsoft Exchange servers.

Redmond's warning includes the release of emergency out-of-band patches for four distinct zero-day vulnerabilities that formed part of the threat actor's arsenal. Microsoft pinned the blame on a sophisticated Chinese APT operator called HAFNIUM that operates from leased VPS (virtual private servers) in the United States.

HAFNIUM primarily targets entities in the U.S. across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.

Submission + - Russian Hackers Hit French IT Monitoring Vendor Centreon (securityweek.com)

wiredmikey writes: France's national cybersecurity agency is publicly blaming the Russia-linked Sandworm APT group for a string of long-term intrusions at European software and web hosting organizations. According to the French National Agency for the Security of Information Systems (ANSSI), the data breaches date back to 2017 and include the eyebrow-raising compromise of Centreon, an IT monitoring software provider widely embedded throughout government organizations in France. A technical report showed the attacks targeted Linux servers running the CentOS operating system.

Submission + - Apple Adds 'BlastDoor' to Secure iOS From Zero-Click Attacks (securityweek.com)

wiredmikey writes: Apple has quietly added several anti-exploit mitigations into iOS in what appears to be a specific response to zero-click iMessage attacks observed in the wild.

The new mitigations were discovered by Samuel Groß, a Google Project Zero security researcher, with the first big addition being a new, tightly sandboxed “BlastDoor” service that is now responsible for the parsing of untrusted data in iMessages.

With iOS 14, Groß discovered that Apple shipped a significant refactoring of iMessage processing, and made all four parts of an attack much harder to succeed.

Submission + - Data (Allegedly) Obtained in SolarWinds Hack Offered for Sale (securityweek.com)

wiredmikey writes: A website is offering to sell gigabytes of files allegedly obtained as a result of the recently disclosed SolarWinds breach.

Called "SolarLeaks", the website offers source code allegedly obtained from Microsoft, Cisco, SolarWinds and FireEye. The information allegedly taken from Microsoft, offered for $600,000, is contained in a 2.6 Gb file and the seller claims it includes partial source code for Windows and “various Microsoft repositories.”

The cybercriminals behind the SolarLeaks website claim they are willing to sell all files for $1 million, and they also claim they still have access to the systems of targeted companies and this is only the first batch of data. They also claim they can provide proof that their offer is legitimate.

While some members of the cybersecurity industry believe SolarLeaks is likely a scam, others believe the seller could really possess the files they are offering, with some saying it could be a misdirection attempt.

Submission + - Kaspersky Connects SolarWinds Attack Code to Known Russian Hacking Group (securityweek.com)

wiredmikey writes: Researchers from Kaspersky have identified some similarities between the Sunburst malware used in the SolarWinds supply chain attack and Kazuar, a backdoor that appears to have been used by the Russia-linked cyber-espionage group known as Turla. Kaspersky reported finding an interesting link between the Sunburst malware delivered by the SolarWinds attackers and Kazuar, a .NET backdoor that has been around since at least 2015 and which was first detailed in 2017 by Palo Alto Networks. Kaspersky on Monday published a technical blog post describing the similarities between Kazuar and Sunburst, noting that malware developers have continued improving the former, with new samples being seen as recently as late December 2020.

Submission + - Hackers Show Tesla Model X Can Be Stolen in Minutes (securityweek.com)

wiredmikey writes: Researchers from the Computer Security and Industrial Cryptography (COSIC) group at the KU Leuven university in Belgium have demonstrated that a Tesla Model X can be stolen in minutes by exploiting vulnerabilities in the car’s keyless entry system.

To conduct the attack, researchers used a modified Model X electronic control unit (ECU) to force the victim’s key fob to advertise itself as a connectable Bluetooth device. They then exploited the update mechanism to push a malicious firmware update to the fob, which enabled them to obtain a piece of data that would allow them to unlock the car at any time.

The vulnerabilities were patched recently by Tesla with an over-the-air update (version 2020.48) that is currently being rolled out to vehicles.

Submission + - Official Trump Campaign Website Hacked (securityweek.com)

wiredmikey writes: Hackers managed to deface Donald Trump's campaign website on Tuesday, just a week before Election Day. "This site was seized," said a message that popped up on donaldjtrump.com, which normally carries details of rallies and fundraising appeals. "The world has had enough of the fake-news spreaded daily by president donald j trump", the message went on to say. Trump campaign spokesman Tim Murtaugh said the site was quickly fixed and no sensitive data was compromised.

Submission + - Edward Snowden Granted Permanent Residency in Russia (securityweek.com)

wiredmikey writes: Fugitive US whistleblower Edward Snowden has been granted permanent residency in Russia, his lawyer said on Thursday. Snowden, the former US intelligence contractor who revealed in 2013 that the US government was spying on its citizens, has been living in exile in Russia since the revelations. Snowden is wanted in the United States on espionage charges after he leaked information showing that agents from the NSA were collecting telephone records of millions of US citizens.

Submission + - Patient Dies After Hospital is Hit by Ransomware Attack (securityweek.com)

wiredmikey writes: A patient died after a German hospital was hit by a ransomware attack, when hackers thought they were targeting a university. German authorities said that what appears to have been a misdirected hacker attack impacted systems at a major hospital in Duesseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment. Duesseldorf police established contact and told the attacker that the hospital, and not the university, had been affected, endangering patients. The attacker then withdrew the extortion attempt and provided a digital key to decrypt the data.

Submission + - iOS Security is F'd, Exploit Acquisition Expert Says (securityweek.com)

wiredmikey writes: An abundance of iOS exploits being submitted to be sold should alarm iPhone/iPad users, according to the CEO of exploit acquisition firm Zerodium. The company announced that it was no longer buying certain types of iOS exploits due to a surplus, and the company expects prices to drop in the near future.

“iOS Security is fucked,” Chaouki Bekrar, CEO of Zerodium said, noting that they are already seeing many exploits designed to bypass PAC and a few zero-day exploits that can help an attacker achieve persistence on all iPhones and iPads. “Let’s hope iOS 14 will be better,” he added.

Bekrar said that only pointer authentication codes (PACs) — which provide protection against unexpected changes to pointers in memory — and the difficulty to achieve persistence “are holding [iOS security] from going to zero.”

Submission + - Zoom Acquires Keybase to Add End-to-End Encryption (securityweek.com)

wiredmikey writes: Zoom Video announced on Thursday that it has acquired secure messaging and file-sharing service Keybase for an undisclosed sum. The move is the latest by the company as it attempts to bolster the security of its offerings and build in end-to-end encryption that can scale to the company’s massive user base.

Zoom said it would offer an end-to-end encrypted meeting mode to all paid accounts. Details on Zoom’s encryption roadmap are available on the Zoom blog.

Submission + - Silicon Valley Legends Jim Clark & Tom Jermoluk on Quest to Eliminate Passwo (securityweek.com)

wiredmikey writes: Internet icons Jim Clark and Tom Jermoluk (past founders of Netscape, Silicon Graphics and @Home Network) have launched a new company and created a phone-resident personal certificate-based authentication and authorization solution that eliminates all passwords. The technology used is not new, being based on X.509 certificates and SSL (invented by Netscape some 25 years ago and still the bedrock of secure internet communications). Their new firm, Beyond Identity, has raised $30 Million Series A funding and is first concentrating on the corporate market, but has plans to extend its offering to consumers in late 2020.
