Security News

  • The Next Web
  • The Hackers News
  • Naked Security
  • HelpNet Security
  • Security Week
  • Threat Post
  • Security Affairs
  • IT World Canada
  • Fire Eye
  • Tech Channel
Google Search has a new mobile design — come spot the differences

Google Search is getting a new, lighter, bubblier design for mobile devices. It’s rolling out “in the coming days.” Here’s what it looks like: For reference, this is what the old search looked like: Some of the changes include: A brighter design that allows people to focus on information “instead of the design elements around it.” Bolder text in search results, making it easier to distinguish between different types of information. This also includes using more of “Google’s own font.” Results are now edge-to-edge, rather than being framed in little cards with shadows. This gives results a little more room…… [...]

A pansexual’s perspective on Mass Effect 2’s capitulation to Fox News

Having recently been raised to the lofty position of King of The Pansexual Realms (that’s the name of my duchy in Crusader Kings III), I felt it was my duty to chime in on the latest queer-related scandal in gaming. The lead writer of Mass Effect 2 recently revealed the game was meant to have a pansexual character but, due to fear of criticism from Fox News, that idea was scrapped and the character was relegated to heterosexual interactions only. This particular debacle is fun for me because it’s usually just the straights and the gays who hog the spotlight, but…… [...]

New ‘robomorphic’ computing method aims to speed up slow-witted robots

MIT researchers have developed a new way of speeding up a robot’s reactions. They call it “robomorphic computing.” The method is designed to shrink the gap between a robot’s “mind” and movements by creating customized chips that serve its specific computing needs. The system’s inventors believe it could enhance a variety of robotics applications — including frontline medical care of COVID-19 patients. “It would be fantastic if we could have robots that could help reduce risk for patients and hospital workers,” said Dr Sabrina Neuman, an MIT CSAIL graduate who designed the method. [Read: How this company leveraged AI to become the…… [...]

Paris plans to transform iconic Champs-Élysées into pedestrian-friendly green space

This article was originally published by Christopher Carey on Cities Today, the leading news platform on urban mobility and innovation, reaching an international audience of city leaders. For the latest updates follow Cities Today on Twitter, Facebook, LinkedIn, Instagram, and YouTube, or sign up for Cities Today News. Paris Mayor Anne Hidalgo has given the go-ahead for plans to transform the city’s Champs-Élysées into a 1.9-kilometer stretch of greenery featuring tunnels of trees, green spaces, and pedestrian zones. The £225million (US$307 million) makeover will halve the number of cars on the famous boulevard and turn the area around the Eiffel Tower into an…… [...]

AI resurrects legendary Spanish singer to hawk beer

The celebrated Spanish singer Lola Flores died in 1995, but a brewery is using AI to bring her back to life. Sevillan beer company Cruzcampo made a deepfake of the iconic Andalusian the star of a new ad campaign. The company pitches the commercial as a celebration of the diversity of Spanish accents. “Do you know why I was understood all over the world? Because of my accent,” says Flores’ AI reincarnation. “And I’m not just referring to the way I talk…” The company recreated her voice, face, and features using hours of audiovisual material, more than 5,000 photos, and a painstaking composition and…… [...]

This all-inclusive bundle explores every step of development creation through production

TLDR: The All-In-One Developer and Project Manager Exam Certification Prep Bundle features 10 courses for learning programming, app production, project management and more. Many might scoff at the one-man band, frantically playing a handful of instruments at once. But there’s a lot to be said for the self-contained solo artist that can do it all. With all the skills to create an idea, test that it works, then move that idea from the concept stage through to final production, there’s literally no project that ends up feeling too big or unmanageable.  So while all the training available in The All-in-One…… [...]

Ever wondered what’s inside a Tesla battery pack? Watch this

Electric vehicle maker Tesla is lauded for its no compromises approach to battery technology. It knows drivers want big range, coupled with fast and ample recharging facilities. When it comes to these features, it’s fair to say that Tesla has set the standard. But what exactly goes into its battery packs? What do they even look like? [Read: How Netflix shapes mainstream culture, explained by data] Thankfully, electric vehicle restomodders like to take Tesla battery packs apart, and cannibalize the parts to electrify other vehicles. There are a bunch of videos floating around the web showing Tesla batteries at certain…… [...]

Alphabet bursts its balloon-powered internet plans

Alphabet’s moonshot idea of beaming internet connectivity from giant balloons is floating back down to earth. The Google parent company announced that it’s shutting down the Loon project because the business model is unsustainable. “The road to commercial viability has proven much longer and riskier than hoped,” said Astro Teller, who leads Alphabet’s experimental X lab, in a Thursday blog post. “So we’ve made the difficult decision to close down Loon.” The ambitious venture aimed to deliver affordable internet access to unconnected, remote, and underserved areas. [Read: How this company leveraged AI to become the Netflix of Finland] The balloons were equipped with directional…… [...]

New giant ‘radio galaxies’ help shed light on the history of the universe

Two giant radio galaxies have been discovered with South Africa’s powerful MeerKAT telescope, located in the Karoo region, a semi-arid area in the southwest of the country. Radio galaxies get their name from the fact that they release huge beams, or ‘jets’, of radio light. These happen through the interaction between charged particles and strong magnetic fields related to supermassive black holes at the galaxies’ hearts. These giant galaxies are much bigger than most of the others in the Universe and are thought to be quite rare. Although millions of radio galaxies are known to exist, only around 800 giants…… [...]

Once you go EV, you never go back — according to 82% of owners, anyway

According to a report from automotive market research firm, JD Power, most electric vehicle (EV) drivers vow to never return to combustion engines. Good. JD Power says that 82% of EV early adopters “definitely will” consider buying another electric vehicle. However, it seems drivers aren’t totally loyal to the brand of their current EV, and overall satisfaction matters when it comes to their next purchase decision. [Read: How Netflix shapes mainstream culture, explained by data] It seems that drivers are making purchase decisions mostly on range, and availability of chargers. Factors like driving enjoyment, vehicle quality, and cost savings fall…… [...]

Sharing eBook With Your Kindle Could Have Let Hackers Hijack Your Account

Amazon has addressed a number of flaws in its Kindle e-reader platform that could have allowed an attacker to take control of victims' devices by simply sending them a malicious e-book. Dubbed "KindleDrip," the exploit chain takes advantage of a feature called "Send to Kindle" to send a malware-laced document to a Kindle device that, when opened, could be leveraged to remotely execute arbitrary [...]

Missing Link in a 'Zero Trust' Security Model—The Device You're Connecting With!

Like it or not, 2020 was the year that proved that teams could work from literally anywhere. While terms like "flex work" and "WFH" were thrown around before COVID-19 came around, thanks to the pandemic, remote working has become the defacto way people work nowadays. Today, digital-based work interactions take the place of in-person ones with near-seamless fluidity, and the best part is that [...]

MrbMiner Crypto-Mining Malware Links to Iranian Software Company

A relatively new crypto-mining malware that surfaced last year and infected thousands of Microsoft SQL Server (MSSQL) databases has now been linked to a small software development company based in Iran. The attribution was made possible due to an operational security oversight, said researchers from cybersecurity firm Sophos, that led to the company's name inadvertently making its way into the [...]

Here's How SolarWinds Hackers Stayed Undetected for Long Enough

Microsoft on Wednesday shared more specifics about the tactics, techniques, and procedures (TTPs) adopted by the attackers behind the SolarWinds hack to stay under the radar and avoid detection, as cybersecurity companies work towards getting a "clearer picture" of one of the most sophisticated attacks in recent history. Calling the threat actor "skillful and methodic operators who follow [...]

Importance of Application Security and Customer Data Protection to a Startup

When you are a startup, there are umpteen things that demand your attention. You must give your hundred percent (probably even more!) to work effectively and efficiently with the limited resources. Understandably, the importance of application security may be pushed to the bottom of your things-to-do list. One other reason to ignore web application protection could be your belief that only large [...]

Hackers Accidentally Expose Passwords Stolen From Businesses On the Internet

A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection (ATP) and steal credentials belonging to over a thousand corporate employees. The cyber offensive is said to have originated in August last year, with the attacks aimed specifically at energy and construction companies, said researchers from Check Point [...]

Google Details Patched Bugs in Signal, FB Messenger, JioChat Apps

In January 2019, a critical flaw was reported in Apple's FaceTime group chats feature that made it possible for users to initiate a FaceTime video call and eavesdrop on targets by adding their own number as a third person in a group chat even before the person on the other end accepted the incoming call. The vulnerability was deemed so severe that the iPhone maker removed the FaceTime group [...]

SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm

Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after FireEye, Microsoft, and CrowdStrike. The company said its intrusion was not the result of a SolarWinds compromise, but rather due to a separate initial access vector that works by "abusing applications [...]

Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attack

Cybersecurity researchers have unearthed a fourth new malware strain—designed to spread the malware onto other computers in victims' networks—which was deployed as part of the SolarWinds supply chain attack disclosed late last year. Dubbed "Raindrop" by Broadcom-owned Symantec, the malware joins the likes of other malicious implants such as Sunspot, Sunburst (or Solorigate), and Teardrop that [...]

A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder

Cybersecurity researchers have uncovered multiple vulnerabilities in Dnsmasq, a popular open-source software used for caching Domain Name System (DNS) responses, thereby potentially allowing an adversary to mount DNS cache poisoning attacks and remotely execute malicious code. The seven flaws, collectively called "DNSpooq" by Israeli research firm JSOF, echo previously disclosed weaknesses in [...]

New Educational Video Series for CISOs with Small Security Teams

Cybersecurity is hard. For a CISO that faces the cyber threat landscape with a small security team, the challenge is compounded. Compared to CISOs at large enterprises, CISOs at small to medium-sized enterprises (SMEs) have smaller teams with less expertise, smaller budgets for technology and outside services, and are more involved in day-to-day protection activities. CISOs at SMEs are [...]

FreakOut! Ongoing Botnet Attack Exploiting Recent Linux Vulnerabilities

An ongoing malware campaign has been found exploiting recently disclosed vulnerabilities in network-attached storage (NAS) devices running on Linux systems to co-opt the machines into an IRC botnet for launching distributed denial-of-service (DDoS) attacks and mining Monero cryptocurrency. The attacks deploy a new malware variant called "FreakOut" by leveraging critical flaws fixed in Laminas [...]

Apple Removes macOS Feature That Allowed Apps to Bypass Firewall Security

Apple has removed a controversial feature from its macOS operating system that allowed the company's own first-party apps to bypass content filters, VPNs, and third-party firewalls. Called "ContentFilterExclusionList," it included a list of as many as 50 Apple apps like iCloud, Maps, Music, FaceTime, HomeKit, the App Store, and its software update service that were routed through Network [...]

WhatsApp Delays Controversial 'Data-Sharing' Privacy Policy Update By 3 Months

WhatsApp said on Friday that it wouldn't enforce its recently announced controversial data sharing policy update until May 15. Originally set to go into effect next month on February 8, the three-month delay comes following "a lot of misinformation" about a revision to its privacy policy that allows WhatsApp to share data with Facebook, sparking widespread concerns about the exact kind of [...]

NSA Suggests Enterprises Use 'Designated' DNS-over-HTTPS' Resolvers

The U.S. National Security Agency (NSA) on Friday said DNS over HTTPS (DoH) — if configured appropriately in enterprise environments — can help prevent "numerous" initial access, command-and-control, and exfiltration techniques used by threat actors. "DNS over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), often referred to as DNS over HTTPS (DoH), encrypts DNS requests by [...]

Joker's Stash, The Largest Carding Marketplace, Announces Shutdown

Joker's Stash, the largest dark web marketplace notorious for selling compromised payment card data, has announced plans to shut down its operations on February 15, 2021. In a message board post on a Russian-language underground cybercrime forum, the operator of the site — who goes by the name "JokerStash" — said "it's time for us to leave forever" and that "we will never ever open again," [...]

Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks

Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor. Attributing the campaign to Winnti (or APT41), Positive Technologies dated the first attack to May 12, 2020, when the APT used LNK shortcuts to extract and run the malware payload. A [...]

Experts Uncover Malware Attacks Against Colombian Government and Companies

Cybersecurity researchers took the wraps off an ongoing surveillance campaign directed against Colombian government institutions and private companies in the energy and metallurgical industries. In a report published by ESET on Tuesday, the Slovak internet security company said the attacks — dubbed "Operation Spalax" — began in 2020, with the modus operandi sharing some similarities to an APT [...]

Intel Adds Hardware-Enabled Ransomware Detection to 11th Gen vPro Chips

Intel and Cybereason have partnered to build anti-ransomware defenses into the chipmaker's newly announced 11th generation Core vPro business-class processors. The hardware-based security enhancements are baked into Intel's vPro platform via its Hardware Shield and Threat Detection Technology (TDT), enabling profiling and detection of ransomware and other threats that have an impact on the CPU [...]

Buyer's Guide for Securing Internal Environment with a Small Cybersecurity Team

Ensuring the cybersecurity of your internal environment when you have a small security team is challenging. If you want to maintain the highest security level with a small team, your strategy has to be 'do more with less,' and with the right technology, you can leverage your team and protect your internal environment from breaches. The "buyer's guide for securing the internal environment with a [...]

Authorities Take Down World's Largest Illegal Dark Web Marketplace

Europol on Tuesday said it shut down DarkMarket, the world's largest online marketplace for illicit goods, as part of an international operation involving Germany, Australia, Denmark, Moldova, Ukraine, the U.K.'s National Crime Agency (NCA), and the U.S. Federal Bureau of Investigation (FBI). At the time of closure, DarkMarket is believed to have had 500,000 users and more than 2,400 vendors, [...]

Hackers Steal Mimecast Certificate Used to Securely Connect with Microsoft 365

Mimecast said on Tuesday that "a sophisticated threat actor" had compromised a digital certificate it provided to certain customers to securely connect its products to Microsoft 365 (M365) Exchange. The discovery was made after the breach was notified by Microsoft, the London-based company said in an alert posted on its website, adding it's reached out to the impacted organizations to remediate [...]

Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws

For the first patch Tuesday of 2021, Microsoft released security updates addressing a total of 83 flaws spanning as many as 11 products and services, including an actively exploited zero-day vulnerability. The latest security patches cover Microsoft Windows, Edge browser, ChakraCore, Office and Microsoft Office Services, and Web Apps, Visual Studio, Microsoft Malware Protection Engine, .NET Core [...]

Warning — 5 New Trojanized Android Apps Spying On Users In Pakistan

Cybersecurity researchers took the wraps off a new spyware operation targeting users in Pakistan that leverages trojanized versions of legitimate Android apps to carry out covert surveillance and espionage. Designed to masquerade as apps such as the Pakistan Citizen Portal, a Muslim prayer-clock app called Pakistan Salat Time, Mobile Packages Pakistan, Registered SIMs Checker, and TPL Insurance, [...]

Experts Sound Alarm On New Android Malware Sold On Hacking Forums

Cybersecurity researchers have exposed the operations of an Android malware vendor who teamed up with a second threat actor to market and sell a remote access Trojan (RAT) capable of device takeover and exfiltration of photos, locations, contacts, and messages from popular apps such as Facebook, Instagram, WhatsApp, Skype, Telegram, Kik, Line, and Google Messages. The vendor, who goes by the [...]

US administration adds “subliminal” ad to White House website

Hiding digital "secrets" where they're supposed to be found is good fun. Just don't hide actual secrets and hope no one will notice! [...]

Has the coronavirus pandemic affected Apple’s hardware design?

The more things change... the more they stay the same! [...]

Europol announces bust of “world’s biggest” dark web marketplace

Dark web servers are hard to find - but not impossible. [...]

Home schooling – how to stay secure

Whether you’re new to home schooling or an old hand, it’s worth taking a moment to ensure you’re doing it securely. [...]

Naked Security Live – HTTPS: do we REALLY need it?

Here's the latest Naked Security Live video talk - watch now, and please share with your friends! [...]

Google Titan security keys hacked by French researchers

Researchers can now make software copies of Google's "unclonable" Titan security keys - but not yet undetectably. [...]

Cloud Controls Matrix v4 adds 60+ new cloud security controls

The Cloud Security Alliance (CSA) announced the availability of version 4 of the Cloud Controls Matrix (CCM), CSA’s cybersecurity framework for cloud computing. The CCM v4 includes additional cloud security and privacy-related controls and encompasses coverage of requirements deriving from new cloud technologies, improved control auditability, enhanced interoperability and compatibility with other standards, and expanded support offerings to navigate the cloud shared responsibility model. CCM is a cybersecurity control framework for cloud computing that aligns … [...]

Bolstering healthcare IT against growing security threats

As the COVID-19 pandemic unfolds, healthcare organizations are scrambling to ensure the safety and support of patients and staff, while also integrating and learning new technologies to support telehealth practices. The constantly evolving healthcare environment has placed immense financial strain on hospitals and increased pressure on healthcare staff, which has been made worse by the influx of possible security threats. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently released an alert highlighting imminent … [...]

Retail and hospitality sector fixing software flaws at a faster rate than others

The retail and hospitality sector is fixing software flaws at a faster rate than five other sectors, a Veracode analysis of more than 130,000 applications reveals. The ability to find and fix potential security defects quickly is a necessity, particularly in an industry that requires rapid response to changing customer demands. Retail and hospitality also track a high volume of personal information about consumers through loyalty cards and membership accounts, tying into marketing data from … [...]

Organizations struggle to maintain application security across platforms

Global organizations are struggling to maintain consistent application security across multiple platforms, and they are also losing visibility with the emergence of new architectures and the adoption of APIs, Radware reveals.

Working to maintain application security across platforms

A major factor in these challenges was the need to adjust rapidly to a new remote working and customer engagement model that resulted from the pandemic, leaving decision makers little or no time to conduct adequate security … [...]

Financial institutions must prepare for increased risk of financial crime

LexisNexis Risk Solutions published survey results of U.S. and Canadian compliance professionals on the range of challenges that financial institutions have experienced during the COVID-19 pandemic. The survey outlines the issues that many financial institutions encounter today and finds that the pandemic continues to test the resilience and agility of businesses across every market. The top three issues that compliance departments within financial institutions have experienced during the pandemic are: 42% face difficulty accessing information … [...]

3GPP standards enrich LTE and 5G with network architecture enhancements

Despite the impact of COVID-19, momentum for enhancements to LTE and 5G standards continues with additional releases from the Third Generation Partnership Project (3GPP). 5G Americas announced the publication of a white paper providing an update on the newest 3GPP releases launching the next chapter of 5G standardization and beyond.

Many new features to be introduced

For decades, 3GPP has maintained detailed mechanisms through standards which have enabled billions of worldwide users to access mobile … [...]

Verimatrix launches enhanced Application Protection service for Android

Verimatrix announced general availability of version 2.2 of the Verimatrix Application Protection service for Android. The company’s latest Code Protection service for Android applications now supports the forthcoming Android ecosystem change that will mandate the use of Android Application Bundles (AABs) in the second half of 2021. A significant shift for developers, the upcoming AAB mandate creates a need for simple, reliable software security that prevents app attacks. In addition to traditional APKs, the Verimatrix … [...]

Field Nation Premier: Helping MSPs maximize profitability and service delivery strategy

Field Nation is introducing an enhanced version of Field Nation Premier that provides MSPs with three new features: MarketSmart Insights, PeopleSmart Talent Management Suite and WorkSmart Productivity Suite. “For MSPs, maximizing profitability has never been more challenging or more critical,” said Wael Mohammed, EVP of Product Management, Field Nation. “We designed Field Nation Premier to help companies address their top-line and bottom-line priorities, while getting more business value out of incorporating on-demand labor into their … [...]

CyberCube updates software to enable insurers to quantify losses to cyber scenarios issued by Lloyd’s

CyberCube has updated its data-driven analytic software to seamlessly enable insurers to quantify losses to scenarios that Lloyd’s has issued to syndicates for the upcoming March data collection deadline. These scenarios are used to report to Lloyd’s on how their portfolio of business would be affected by major cyber events. CyberCube has introduced the three scenarios for realistic cyber disasters as part of its Portfolio Manager product, which is used by risk carriers. The three … [...]

KABN partners with The Campus Agency to reach the US college and university market

KABN announces that it has entered into an agreement to partner with The Campus Agency to create innovative engagement programs for Liquid Avatar to reach the US college and university student, alumni and family market. KABN NA and The Campus Agency will be working together to engage micro-influencers, develop and launch innovative engagement and Augmented Reality programs to introduce the college and university market to the Liquid Avatar and KABN value programs. The partnership goals … [...]


Microsoft Edge Adds Password Generator, Drops Support for Flash, FTP

Microsoft has shipped the stable version of the Microsoft Edge 88 browser, featuring a brand new Password Generator and the ability to alert on compromised credentials. The browser refresh also drops support for the FTP protocol and for the Adobe Flash plugin. [...]

Biden Orders Intelligence Agencies to Assess SolarWinds Hack

Just days into his leadership role, U.S. President Joe Biden has instructed U.S. intelligence agencies to provide him with a detailed assessment of the SolarWinds hack, which fueled a global cyber espionage campaign impacting many high-profile government agencies and businesses. [...]

Intel's Early Earnings Release Triggered by Hack

U.S. chip-making giant Intel Corp. has acknowledged a website hack and premature data disclosure forced the early release of its earnings report for the fourth quarter of 2020. [...]

Sophos: Crypto-Jacking Campaign Linked to Iranian Company

An Iran-based software company is likely behind a recently identified crypto-jacking campaign targeting SQL servers, according to a report by British anti-malware vendor Sophos. [...]

QNAP Warns NAS Users of 'dovecat' Malware Attacks

QNAP this week warned users of attacks targeting QNAP NAS (network-attached storage) devices with a piece of malware named “dovecat.” [...]

Thousands of Unprotected RDP Servers Can Be Abused for DDoS Attacks

Cybercriminals have been abusing unprotected servers running Microsoft’s Remote Desktop Protocol (RDP) service to launch distributed denial-of-service (DDoS) attacks, application and network performance management company NETSCOUT warned this week. [...]

Enterprise Credentials Publicly Exposed by Cybercriminals

Cybercriminals behind a successful phishing campaign have exposed more than 1,000 corporate employee credentials on the Internet, according to a warning from security vendor Check Point. [...]

Drupal Updates Patch Another Vulnerability Related to Archive Files

Security updates released this week by the developers of the Drupal content management system (CMS) patch a vulnerability identified in a third-party library. [...]

Multi-Cloud Network Security Provider Valtix Raises $12.5 Million

Multi-cloud network security platform provider Valtix on Thursday announced that it raised $12.5 million in strategic funding. [...]

Microsoft Details OPSEC, Anti-Forensic Techniques Used by SolarWinds Hackers

Microsoft on Wednesday released another report detailing the activities and the methods of the threat actor behind the attack on IT management solutions firm SolarWinds, including their malware delivery methods, anti-forensic behavior, and operational security (OPSEC). [...]

Cisco Patches Critical Vulnerabilities in SD-WAN, DNA Center, SSMS Products

Cisco this week released patches to address a significant number of vulnerabilities across its product portfolio, including several critical flaws in SD-WAN products, DNA Center, and Smart Software Manager Satellite (SSMS). [...]

Amazon Awards $18,000 for Exploit Allowing Kindle E-Reader Takeover

Amazon has awarded an $18,000 bug bounty for an exploit chain that could have allowed an attacker to take complete control of a Kindle e-reader simply by knowing the targeted user’s email address. [...]

Scanning Activity Detected After Release of Exploit for Critical SAP SolMan Flaw

A Russian researcher has made public on GitHub a functional exploit targeting a critical vulnerability that SAP patched in its Solution Manager product in March 2020. [...]

'LuckyBoy' Malvertising Campaign Hits iOS, Android, XBox Users

A recently identified malvertising campaign targeting mobile and other connected devices users makes heavy use of obfuscation and cloaking to avoid detection. [...]

In a Remote Work Era, a People-First Approach Keeps Threat Intelligence Teams on Track

Far Too Many Organizations Are Still Failing to Develop Intelligence Requirements Based on the Needs of Their Stakeholders [...]

Snort 3 Becomes Generally Available

Snort 3 was officially released on Tuesday and users have been advised to switch to Snort 3 from any previous version of the popular intrusion prevention and intrusion detection system (IPS/IDS). [...]

Oracle's January 2021 CPU Contains 329 New Security Patches

Oracle this week announced the availability of its first cumulative set of security fixes for 2021, which includes a total of 329 new patches. [...]

Ransomware Took Heavy Toll on US in 2020: Researchers

Ransomware attacks took a heavy toll on the United States last year with more than 2,000 victims in government, education and health care, security researchers say in a new report. [...]

Chrome 88 Drops Flash, Patches Critical Vulnerability

Google has released Chrome 88 to the stable channel with several security improvements inside, including patches for 36 vulnerabilities, one of which is rated critical severity, and dropped support for Adobe Flash. [...]

New 'FreakOut' Malware Ensnares Linux Devices Into Botnet

A recently identified piece of malware is targeting Linux devices to ensnare them into a botnet capable of malicious activities such as distributed denial of service (DDoS) and crypto-mining attacks. read more [...]

Microsoft Edge, Google Chrome Roll Out Password Protection Tools

The new tools on Chrome and Edge will make it easier for browser users to discover - and change - compromised passwords. [...]

Amazon Kindle RCE Attack Starts with an Email

The "KindleDrip" attack would have allowed attackers to siphon money from unsuspecting victims. [...]

ADT Tech Hacks Home-Security Cameras to Spy on Women

A former ADT employee pleads guilty to accessing customers’ cameras so he could spy on them. [...]

Discord-Stealing Malware Invades npm Packages

The CursedGrabber malware has infiltrated the open-source software code repository. [...]

Ransomware Attackers Publish 4K Private Scottish Gov Agency Files

Up to 4,000 stolen files have been released by hackers who launched a ransomware attack against the Scottish Environmental Protection Agency on Christmas Eve. [...]

Threat Actors Can Exploit Windows RDP Servers to Amplify DDoS Attacks

Netscout researchers identify more than 14,000 existing servers that can be abused by ‘the general attack population’ to flood organizations’ networks with traffic. [...]

Einstein Healthcare Network Announces August Breach

Einstein is in violation of the HHS 60-day breach notification rule, but unlikely to face a penalty. [...]

SQL Server Malware Tied to Iranian Software Firm, Researchers Allege

Researchers have traced the origins of a campaign - infecting SQL servers to mine cryptocurrency - back to an Iranian software firm. [...]

Google Forms Set Baseline For Widespread BEC Attacks

Researchers warn that attackers are collecting reconnaissance for future business email compromise attacks using Google Forms. [...]

Google Searches Expose Stolen Corporate Credentials

A phishing campaign spoofs Xerox notifications to lure victims into clicking on malicious HTML attachments. [...]

Microsoft Edge Adds Password Generator, Drops Support for Flash, FTP

Microsoft has shipped the stable version of the Microsoft Edge 88 browser, featuring a brand new Password Generator and the ability to alert on compromised credentials. The browser refresh also drops support for the FTP protocol and for the Adobe Flash plugin. [...]

Biden Orders Intelligence Agencies to Assess SolarWinds Hack

Just days into his leadership role, U.S. President Joe Biden has instructed U.S. intelligence agencies to provide him with a detailed assessment of the SolarWinds hack, which fueled a global cyber espionage campaign impacting many high-profile government agencies and businesses. [...]

Intel's Early Earnings Release Triggered by Hack

U.S. chip-making giant Intel Corp. has acknowledged a website hack and premature data disclosure forced the early release of its earnings report for the fourth quarter of 2020. [...]

Sophos: Crypto-Jacking Campaign Linked to Iranian Company

An Iran-based software company is likely behind a recently identified crypto-jacking campaign targeting SQL servers, according to a report by British anti-malware vendor Sophos. [...]

QNAP Warns NAS Users of 'dovecat' Malware Attacks

QNAP this week warned users of attacks targeting QNAP NAS (network-attached storage) devices with a piece of malware named “dovecat.” [...]

Thousands of Unprotected RDP Servers Can Be Abused for DDoS Attacks

Cybercriminals have been abusing unprotected servers running Microsoft’s Remote Desktop Protocol (RDP) service to launch distributed denial-of-service (DDoS) attacks, application and network performance management company NETSCOUT warned this week. [...]

Enterprise Credentials Publicly Exposed by Cybercriminals

Cybercriminals behind a successful phishing campaign have exposed more than 1,000 corporate employee credentials on the Internet, according to a warning from security vendor Check Point. [...]

Drupal Updates Patch Another Vulnerability Related to Archive Files

Security updates released this week by the developers of the Drupal content management system (CMS) patch a vulnerability identified in a third-party library. [...]

Multi-Cloud Network Security Provider Valtix Raises $12.5 Million

Multi-cloud network security platform provider Valtix on Thursday announced that it raised $12.5 million in strategic funding. [...]

Microsoft Details OPSEC, Anti-Forensic Techniques Used by SolarWinds Hackers

Microsoft on Wednesday released another report detailing the activities and the methods of the threat actor behind the attack on IT management solutions firm SolarWinds, including their malware delivery methods, anti-forensic behavior, and operational security (OPSEC). [...]

Cisco Patches Critical Vulnerabilities in SD-WAN, DNA Center, SSMS Products

Cisco this week released patches to address a significant number of vulnerabilities across its product portfolio, including several critical flaws in SD-WAN products, DNA Center, and Smart Software Manager Satellite (SSMS). [...]


KindleDrip exploit – Hacking a Kindle device with a simple email

KindleDrip: Amazon addressed a number of flaws affecting the Kindle e-reader that could have allowed an attacker to take control of victims’ devices. Security experts at Realmode Labs discovered multiple vulnerabilities in the Kindle e-reader that could have allowed an attacker to take over victims’ devices. The researchers noticed that the “Send to Kindle” feature allows Kindle […] The post KindleDrip exploit – Hacking a Kindle device with a simple email appeared first on Security Affairs. [...]

Data of 2 million MyFreeCams users sold on a hacker forum

A threat actor was offering for sale on a hacker forum data from 2 million users allegedly stolen from the adult streaming site MyFreeCams. A threat actor was offering for sale on a hacker forum a database containing user records allegedly stolen from the adult streaming site MyFreeCams. MyFreeCams is one of the top adult […] The post Data of 2 million MyFreeCams users sold on a hacker forum appeared first on Security Affairs. [...]

Abusing Windows RDP servers to amplify DDoS attacks

Threat actors are abusing Windows Remote Desktop Protocol (RDP) servers to amplify Distributed Denial of Service (DDoS) attacks. Attackers are abusing Windows Remote Desktop Protocol (RDP) servers to amplify Distributed Denial of Service (DDoS) attacks. The Microsoft Remote Desktop Protocol (RDP) is a built-in service in Microsoft Windows operating systems that provides authenticated remote virtual […] The post Abusing Windows RDP servers to amplify DDoS attacks appeared first on Security Affairs. [...]

Drupal fixed a new flaw related to the PEAR Archive_Tar library

The Drupal development team released security updates to address a vulnerability that resides in the PEAR Archive_Tar third-party library. The Drupal development team has released security updates to address the CVE-2020-36193 vulnerability in the PEAR Archive_Tar third-party library. The PEAR Archive_Tar class provides handling of tar files in PHP. It supports creating, listing, extracting, and adding […] The post Drupal fixed a new flaw related to the PEAR Archive_Tar library appeared first on Security Affairs. [...]

Dovecat crypto-miner is targeting QNAP NAS devices

QNAP is warning customers of a new piece of malware dubbed Dovecat that is targeting NAS devices to mine cryptocurrency. Taiwanese vendor QNAP has published a security advisory to warn customers of a new piece of malware named Dovecat that is targeting NAS devices. The malware was designed to abuse NAS resources and mine cryptocurrency. The malware […] The post Dovecat crypto-miner is targeting QNAP NAS devices appeared first on Security Affairs. [...]

Passwords stolen via phishing campaign available through Google search

Poor operational security by the operators of a phishing campaign exposed credentials stolen in the attacks and made them publicly available through Google queries. Check Point Research along with experts from cybersecurity firm Otorio shared details on their investigation into a large-scale phishing campaign that targeted thousands of global organizations. The campaign has been active since August, the attackers […] The post Passwords stolen via phishing campaign available through Google search appeared first on Security Affairs. [...]

Experts warn of scanning activity for critical SAP SolMan flaw after the release of exploit

Experts warn of automated scanning activity for servers affected by a critical SAP SolMan flaw after the release of an exploit code. Experts warn of an automated scanning activity for servers affected by vulnerabilities in SAP software, attackers started probing the systems after the release of an exploit for the critical CVE-2020-6207 flaw in SAP Solution Manager […] The post Experts warn of scanning activity for critical SAP SolMan flaw after the release of exploit appeared first on Security Affairs. [...]

SolarWinds Attack: Microsoft sheds light on Solorigate second-stage activation

Microsoft’s report provides details of the entire SolarWinds attack chain with a deep dive into the second-stage activation of malware and tools. Microsoft published a new report that includes additional details of the SolarWinds supply chain attack. The new analysis sheds light on the handover from the Solorigate DLL backdoor to the Cobalt Strike loader. […] The post SolarWinds Attack: Microsoft sheds light on Solorigate second-stage activation appeared first on Security Affairs. [...]

Cisco fixed multiple flaws in Cisco SD-WAN products and Smart Software Manager Satellite Web UI

Cisco fixed multiple flaws in Cisco SD-WAN products that could allow an unauthenticated, remote attacker to execute attacks against its devices. Cisco released security updates to address multiple flaws in Cisco SD-WAN products that could allow an unauthenticated, remote attacker to execute attacks against vulnerable devices. These vulnerabilities impact devices running the following Cisco SD-WAN Software: IOS XE SD-WAN […] The post Cisco fixed multiple flaws in Cisco SD-WAN products and Smart Software Manager Satellite Web UI appeared first on Security Affairs. [...]

Logic bugs found in popular apps, including Signal and FB Messenger

Flaws in popular messaging apps, such as Signal and FB Messenger, allowed an attacker to force a target device to transmit audio to the attacker’s device. Google Project Zero security researcher Natalie Silvanovich found multiple flaws in popular video conferencing apps such as Signal and FB Messenger that allowed an attacker to force a target device to transmit audio […] The post Logic bugs found in popular apps, including Signal and FB Messenger appeared first on Security Affairs. [...]

Cyber Security Today Week In Review for Friday January 22, 2021

This podcast includes a discussion with Dinah Davis of Arctic Wolf on how to stop account takeovers through password managers and two-factor authentication The post Cyber Security Today Week In Review for Friday January 22, 2021 first appeared on IT World Canada. [...]

How the SolarWinds hackers hid their work

Microsoft says attackers used 'painstaking planning' to avoid detection The post How the SolarWinds hackers hid their work first appeared on IT World Canada. [...]

3 tenets of a strong remote culture – Harvard Business Review

In our last curation, Hailley Griffis talked about what applicants should look for during the job interview to gauge a company’s remote culture. We now revisit the topic from a company’s perspective: what are the secrets to a strong remote culture? In his Harvard Business Review article, Nicholas Lovegrove, professor of practice management at Georgetown… The post 3 tenets of a strong remote culture – Harvard Business Review first appeared on IT World Canada. [...]

Cyber Security Today – Stolen data given away, the price of stolen data, computers for kids infected and patch these SAP and Cisco applications.

This morning's podcast reports on stolen data being offered for free on a hacker forum, how much stolen data is worth, and malware found on computers in UK schools. The post Cyber Security Today – Stolen data given away, the price of stolen data, computers for kids infected and patch these SAP and Cisco applications. first appeared on IT World Canada. [...]

Hashtag Trending – Bizarre facial recognition proposal in India; White House calls for coders; Ajit Pai’s final report

A proposal to install facial recognition cameras in an Indian city draws backlash, a stealthy call for coders has been found on the White House’s website, and Ajit Pai’s final report deserves an eye-roll. The post Hashtag Trending – Bizarre facial recognition proposal in India; White House calls for coders; Ajit Pai’s final report first appeared on IT World Canada. [...]

Malwarebytes hit by same group that compromised SolarWinds

Malwarebytes has become the latest technology provider to admit it was hit by the same threat actor that compromised SolarWinds. The post Malwarebytes hit by same group that compromised SolarWinds first appeared on IT World Canada. [...]

Starlink satellite internet grants instant sign-up for eligible Canadians

Some Canadians can now immediately sign up for Starlink's satellite internet service. The post Starlink satellite internet grants instant sign-up for eligible Canadians first appeared on IT World Canada. [...]

Citrix buys Wrike for $2.25 billion

Citrix has entered into an agreement to acquire Wrike, an online project planning tool, for US$2.25 billion in cash. The post Citrix buys Wrike for $2.25 billion first appeared on IT World Canada. [...]

Canadian commercial real estate services firm acknowledges cyberattack

The Nefilim ransomware group is claiming responsibility for the hack on Colliers International and has posted what it says is stolen data as proof. The post Canadian commercial real estate services firm acknowledges cyberattack first appeared on IT World Canada. [...]

Hashtag Trending – Researchers dig into Facebook’s role in Capitol attack; Netflix hits 200M; Wikipedia hits 1B

The Capitol attack had been brewing for months on Facebook, Netflix reaches 200 million subscribers, and Wikipedia reaches its billionth edit. The post Hashtag Trending – Researchers dig into Facebook’s role in Capitol attack; Netflix hits 200M; Wikipedia hits 1B first appeared on IT World Canada. [...]

Stronger cybersecurity starts with one word: agility

Rather than simply resolve to be “more agile”, security leads should focus their efforts on two core areas where agility can be a critical difference-maker. The post Stronger cybersecurity starts with one word: agility first appeared on IT World Canada. [...]

Joe Biden’s cybersecurity priorities: Fixing damage from SolarWinds attack, working with allies

We interview two American and one Canadian expert on what to expect from the new administration The post Joe Biden’s cybersecurity priorities: Fixing damage from SolarWinds attack, working with allies first appeared on IT World Canada. [...]

Less than a quarter of Canadians trust big business, forcing corporations to prioritize where it matters

Experts during a recent ITWC webinar share their insights into what corporations have to do to gain and maintain trust from Canadians. The post Less than a quarter of Canadians trust big business, forcing corporations to prioritize where it matters first appeared on IT World Canada. [...]

Another supply chain attack: Infected IObit promotion installs ransomware

As in the SolarWinds attack, a compromised DLL allowed malware to be installed on victims' computers The post Another supply chain attack: Infected IObit promotion installs ransomware first appeared on IT World Canada. [...]

Cyber Security Today – Why good passwords aren’t enough, COVID vaccine documents altered in hack, and intimate photos found unprotected.

Today's podcast reports on the hack of a software firm's forum administrator account, COVID vaccine documents altered in a hack, intimate photos from a discontinued app found unprotected, and a warning about dating apps. The post Cyber Security Today – Why good passwords aren’t enough, COVID vaccine documents altered in hack, and intimate photos found unprotected. first appeared on IT World Canada. [...]

Hashtag Trending – Parler survives; FBI looks into stolen laptop from Capitol assault; Empty Toronto office

Parler is partially running again with the help of a Russian tech firm, the FBI looks into a stolen laptop from the Capitol assault, and office vacancies in downtown Toronto are on the rise. The post Hashtag Trending – Parler survives; FBI looks into stolen laptop from Capitol assault; Empty Toronto office first appeared on IT World Canada. [...]

How do you know if a company has a good remote work culture? – Built In

Today job applicants can only rely on the interviewer's words and Glassdoor ratings. Without a chance to personally examine the workplace, how can one be sure that the company has an upstanding remote culture? The post How do you know if a company has a good remote work culture? – Built In first appeared on IT World Canada. [...]

Distributel acquires telecom provider Primus

Distributel acquires Primus from Fusion Connect for an undisclosed amount. The post Distributel acquires telecom provider Primus first appeared on IT World Canada. [...]

Security is everyone’s priority

By Dana Mitchell, Director, Cybersecurity Solutions Group, Microsoft Canada Digital transformation, cloud computing and a sophisticated threat landscape are forcing everyone to rethink the roles that each individual within an organization has in defending against cyber threats. With billions of people around the globe working from home, changes to the daily practice of cybersecurity are… The post Security is everyone’s priority first appeared on IT World Canada. [...]

Researchers flag fourth piece of malware seen in SolarWinds hack and detail how Microsoft 365 got exploited

Symantec says the most recently discovered malware was used in a limited number of cases to move laterally and deploy payloads on other computers. The post Researchers flag fourth piece of malware seen in SolarWinds hack and detail how Microsoft 365 got exploited first appeared on IT World Canada. [...]

Choosing an MSP: Cymax Group case study

This is the last in a series of three articles sponsored by Ricoh looking at how different companies facing transformation evaluate their MSP options. The variety of services MSPs provide can range from monitoring IT networks to being responsible for all repairs, updates and patches, as well as providing new software, hardware, infrastructure, cloud… The post Choosing an MSP: Cymax Group case study first appeared on IT World Canada. [...]

Hashtag Trending – DuckDuckGo hits milestone; Snapchat handing out cash; Tech withdrawal

DuckDuckGo reaches a milestone of 100 million daily search queries, Snapchat is giving out big bucks, and experts predict that kids will face a tech withdrawal once life returns to “normal.” The post Hashtag Trending – DuckDuckGo hits milestone; Snapchat handing out cash; Tech withdrawal first appeared on IT World Canada. [...]

The wackiest (and a few not so wacky) gadgets from CES 2021

As per tradition, here are 10 wacky gadgets from this year’s CES event. The post The wackiest (and a few not so wacky) gadgets from CES 2021 first appeared on IT World Canada. [...]

Cyber Security Today – More COVID scams, reporter tricked by phony Harvard job offer, and Uber wins and Twitter loses in Canadian courts

Today's podcast reports on COVID scams aimed at executives, how a reporter was tricked by a phony Harvard job offer, and why Uber temporarily won and Twitter lost in Canadian courts. The post Cyber Security Today – More COVID scams, reporter tricked by phony Harvard job offer, and Uber wins and Twitter loses in Canadian courts first appeared on IT World Canada. [...]

Hashtag Trending – Honey-trapping Capitol rioters; Remote worker-boom attracts real estate startups; Vaccine passports

Capitol rioters are now getting turned in to the FBI by some creative women using the Bumble dating app, the remote worker boom is attracting real estate startups, and some chatter around whether or not vaccine passports will work. The post Hashtag Trending – Honey-trapping Capitol rioters; Remote worker-boom attracts real estate startups; Vaccine passports first appeared on IT World Canada. [...]

Training Transformers for Cyber Security Tasks: A Case Study on Malicious URL Prediction

Highlights

  • Perform a case study on using Transformer models to solve cyber security problems
  • Train a Transformer model to detect malicious URLs under multiple training regimes
  • Compare our model against other deep learning methods, and show it performs on-par with other top-scoring models
  • Identify issues with applying generative pre-training to malicious URL detection, which is a cornerstone of Transformer training in natural language processing (NLP) tasks
  • Introduce a novel loss function that balances classification and generative loss to achieve improved performance on the malicious URL detection task

Introduction

Over the past three years Transformer machine learning (ML) models,… [...]

Emulation of Kernel Mode Rootkits With Speakeasy

In August 2020, we released a blog post about how the Speakeasy emulation framework can be used to emulate user mode malware such as shellcode. If you haven’t had a chance, give the post a read today. In addition to user mode emulation, Speakeasy also supports emulation of kernel mode Windows binaries. When malware authors employ kernel mode malware, it will often be in the form of a device driver whose end goal is total compromise of an infected system. The malware most often doesn’t interact with hardware and instead leverages kernel mode to fully compromise the system and remain… [...]

In December 2020, FireEye uncovered and publicly disclosed a widespread attacker campaign that is being tracked as UNC2452. In some, but not all, of the intrusions associated with this campaign where Mandiant has visibility, the attacker used their access to on-premises networks to gain unauthorized access to the victim’s Microsoft 365 environment.

Goals and Objectives

Methodologies that UNC2452 and other threat actors have used to move laterally from on-premises networks to the Microsoft 365 cloud have been detailed in our white paper, Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452. The paper also discusses how organizations can… [...]

Excelerating Analysis – Tips and Tricks to Analyze Data with Microsoft Excel

Incident response investigations don’t always involve standard host-based artifacts with fully developed parsing and analysis tools. At FireEye Mandiant, we frequently encounter incidents that involve a number of systems and solutions that utilize custom logging or artifact data. Determining what happened in an incident involves taking a dive into whatever type of data we are presented with, learning about it, and developing an efficient way to analyze the important evidence. One of the most effective tools to perform this type of analysis is one that is in almost everyone’s toolkit: Microsoft Excel. In this article we will detail some tips… [...]

SUNBURST Additional Technical Details

FireEye has discovered additional details about the SUNBURST backdoor since our initial publication on Dec. 13, 2020. Before diving into the technical depth of this malware, we recommend readers familiarize themselves with our blog post about the SolarWinds supply chain compromise, which revealed a global intrusion campaign by a sophisticated threat actor we are currently tracking as UNC2452. SUNBURST is a trojanized version of a digitally signed SolarWinds Orion plugin called SolarWinds.Orion.Core.BusinessLayer.dll. The plugin contains a backdoor that communicates via HTTP to third party servers. After an initial dormant period of up to two weeks, SUNBURST may retrieve and execute commands… [...]

Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor

Executive Summary

We have discovered a global intrusion campaign. We are tracking the actors behind this campaign as UNC2452. FireEye discovered a supply chain attack trojanizing SolarWinds Orion business software updates in order to distribute malware we call SUNBURST. The attacker’s post compromise activity leverages multiple techniques to evade detection and obscure their activity, but these efforts also offer some opportunities for detection. The campaign is widespread, affecting public and private organizations around the world. FireEye is releasing signatures to detect this threat actor and supply chain attack in the wild. These are found on our public GitHub page. FireEye… [...]

Overview

A highly sophisticated state-sponsored adversary stole FireEye Red Team tools. Because we believe that an adversary possesses these tools, and we do not know whether the attacker intends to use the stolen tools themselves or publicly disclose them, FireEye is releasing hundreds of countermeasures with this blog post to enable the broader security community to protect themselves against these tools. We have incorporated the countermeasures in our FireEye products—and shared these countermeasures with partners, government agencies—to significantly limit the ability of the bad actor to exploit the Red Team tools. You can find a list of the countermeasures on… [...]

Andrew Davis recently announced the public release of his new Windows emulation framework named Speakeasy. While the introductory blog post focused on using Speakeasy as an automated malware sandbox of sorts, this entry will highlight another powerful use of the framework: automated malware unpacking. I will demonstrate, with code examples, how Speakeasy can be used programmatically to: Bypass unsupported Windows APIs to continue emulation and unpacking Save virtual addresses of dynamically allocated code using API hooks Surgically direct execution to key areas of code using code hooks Dump an unpacked PE from emulator memory and fix its section headers Aid… [...]

Election Cyber Threats in the Asia-Pacific Region

In democratic societies, elections are the mechanism for choosing heads of state and policymakers. There are strong incentives for adversary nations to understand the intentions and preferences of the people and parties that will shape a country's future path and to reduce uncertainty about likely winners. Mandiant Threat Intelligence regularly observes cyber espionage operations we believe to be seeking election-related information targeting governments, civil society, media, and technology organizations around the globe. We have also seen disruptive and destructive cyber attacks and propaganda campaigns seeking to undermine targeted governments and influence the outcomes of electoral contests. The 2020 U.S. elections… [...]

Head Fake: Tackling Disruptive Ransomware Attacks

Within the past several months, FireEye has observed financially-motivated threat actors employ tactics that focus on disrupting business processes by deploying ransomware in mass throughout a victim’s environment. Understanding that normal business processes are critical to organizational success, these ransomware campaigns have been accompanied with multi-million dollar ransom amounts. In this post, we’ll provide a technical examination of one recent campaign that stems back to a technique that we initially reported on in April 2018. Between May and September 2019, FireEye responded to multiple incidents involving a financially-motivated threat actor who leveraged compromised web infrastructure to establish an initial foothold… [...]

COOKIEJAR: Tracking Adversaries With FireEye Endpoint Security’s Logon Tracker Module

During a recent investigation at a telecommunications company led by Mandiant Managed Defense, our team was tasked with rapidly identifying systems that had been accessed by a threat actor using legitimate, but compromised domain credentials. This sometimes-challenging task was made simple because the customer had enabled the Logon Tracker module within their FireEye Endpoint Security product. Logon Tracker is an Endpoint Security Innovation Architecture module designed to simplify the investigation of lateral movement within Windows enterprise environments. Logon Tracker improves the efficiency of investigating lateral movement by aggregating historical logon activity and provides a mechanism to monitor for new activity.… [...]

Hard Pass: Declining APT34’s Invite to Join Their Professional Network

Background

With increasing geopolitical tensions in the Middle East, we expect Iran to significantly increase the volume and scope of its cyber espionage campaigns. Iran has a critical need for strategic intelligence and is likely to fill this gap by conducting espionage against decision makers and key organizations that may have information that furthers Iran's economic and national security goals. The identification of new malware and the creation of additional infrastructure to enable such campaigns highlights the increased tempo of these operations in support of Iranian interests.

FireEye Identifies Phishing Campaign

In late June 2019, FireEye identified a phishing campaign… [...]

CertUtil Qualms: They Came to Drop FOMBs

This blog post covers an interesting intrusion attempt that Mandiant Managed Defense thwarted involving the rapid weaponization of a recently disclosed vulnerability combined with the creative use of WMI compiled “.bmf” files and CertUtil for obfuscated execution. This intrusion attempt highlights a number of valuable lessons in security, chiefly: attackers work fast – faster than many security teams can react. Additionally, patching complex software environments while keeping the business operational makes it difficult to keep pace with attackers exploiting vulnerabilities, especially when these truths are coupled with rapid exploitation and innovative obfuscation methods that turn the operating system's own feature set against it.

Everybody’s Working for… [...]

WOW64!Hooks: WOW64 Subsystem Internals and Hooking Techniques

Microsoft is known for their backwards compatibility. When they rolled out the 64-bit variant of Windows years ago they needed to provide compatibility with existing 32-bit applications. In order to provide seamless execution regardless of application bitness, the WoW (Windows on Windows) system was coined. This layer, which will be referred to as ‘WOW64’ from here on out, is responsible for translating all Windows API calls from 32-bit userspace to the 64-bit operating system kernel. This blog post is broken up into two sections. First we start by diving deep into the WOW64 system. To do this, we trace a… [...]

Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser

Throughout 2020, ransomware activity has become increasingly prolific, relying on an ecosystem of distinct but co-enabling operations to gain access to targets of interest before conducting extortion. Mandiant Threat Intelligence has tracked several loader and backdoor campaigns that lead to the post-compromise deployment of ransomware, sometimes within 24 hours of initial compromise. Effective and fast detection of these campaigns is key to mitigating this threat. The malware families enabling these attacks previously reported by Mandiant to intelligence subscribers include KEGTAP/BEERBOT, SINGLEMALT/STILLBOT and WINEKEY/CORKBOT. While these malware families communicate with the same command and control infrastructure (C2) and are close to… [...]

Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945

Through Mandiant investigation of intrusions, the FLARE Advanced Practices team observed a group we track as UNC1945 compromise managed service providers and operate against a tailored set of targets within the financial and professional consulting industries by leveraging access to third-party networks (see this blog post for an in-depth description of “UNC” groups). UNC1945 targeted Oracle Solaris operating systems, utilized several tools and utilities against Windows and Linux operating systems, loaded and operated custom virtual machines, and employed techniques to evade detection. UNC1945 demonstrated access to exploits, tools and malware for multiple operating systems, a disciplined interest in covering or… [...]

In Wild Critical Buffer Overflow Vulnerability in Solaris Can Allow Remote Takeover — CVE-2020-14871

FireEye Mandiant has been investigating compromised Oracle Solaris machines in customer environments. During our investigations, we discovered an exploit tool on a customer’s system and analyzed it to see how it was attacking their Solaris environment. The FLARE team’s Offensive Task Force analyzed the exploit to determine how it worked, reproduced the vulnerability on different versions of Solaris, and then reported it to Oracle. In this blog post we present a description of the vulnerability, offer a quick way to test whether a system may be vulnerable, and suggest mitigations and workarounds. Mandiant experts from the FLARE team will provide more… [...]

UPDATE (Oct. 30, 2020): We have updated the report to include additional protection and containment strategies based on front-line visibility and response efforts in combating ransomware. While the full scope of recommendations included within the initial report remain unchanged, the following strategies have been added into the report:

  • Windows Firewall rule configurations to block specific binaries from establishing outbound connections from endpoints
  • Domain Controller isolation and recovery planning steps
  • Proactive GPO permissions review and monitoring guidance

Ransomware is a global threat targeting organizations in all industries. The impact of a successful ransomware event can be material to an organization - including… [...]

Welcome to ThreatPursuit VM: A Threat Intelligence and Hunting Virtual Machine

Skilled adversaries can deceive detection and often employ new measures in their tradecraft. Keeping a stringent focus on the lifecycle and evolution of adversaries allows analysts to devise new detection mechanisms and response processes. Access to the appropriate tooling and resources is critical to discover these threats within a timely and accurate manner. Therefore, we are actively compiling the most essential software packages into a Windows-based distribution: ThreatPursuit VM. ThreatPursuit Virtual Machine (VM) is a fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as well as threat hunters to get… [...]

Flare-On 7 Challenge Solutions

We are thrilled to announce the conclusion of the seventh annual Flare-On challenge. This year proved to be the most difficult challenge we’ve produced, with the lowest rate of finishers. This year’s winners are truly the elite of the elite! Lucky for them, all 260 winners will receive this cyberpunk metal key. We would like to thank the challenge authors individually for their great puzzles and solutions:

  • fidler – Nick Harbour (@nickharbour)
  • garbage – Jon Erickson
  • Wednesday – Blaine Stancill (@MalwareMechanic)
  • report – Moritz Raabe (@m_r_tz)
  • TKApp – Moritz Raabe (@m_r_tz)
  • CodeIt – Mike Hunhoff (@mehunhoff)
  • re_crowd – Chris Gardner,… [...]

FIN11: Widespread Email Campaigns as Precursor for Ransomware and Data Theft

Mandiant Threat Intelligence recently promoted a threat cluster to a named FIN (or financially motivated) threat group for the first time since 2017. We have detailed FIN11's various tactics, techniques and procedures in a report that is available now by signing up for Mandiant Advantage Free. In some ways, FIN11 is reminiscent of APT1; they are notable not for their sophistication, but for their sheer volume of activity. There are significant gaps in FIN11’s phishing operations, but when active, the group conducts up to five high-volume campaigns a week. While many financially motivated threat groups are short lived, FIN11 has been conducting… [...]

Detecting Microsoft 365 and Azure Active Directory Backdoors

Mandiant has seen an uptick in incidents involving Microsoft 365 (M365) and Azure Active Directory (Azure AD). Most of these incidents are the result of a phishing email coercing a user to enter their credentials used for accessing M365 into a phishing site. Other incidents have been a result of password spraying, password stuffing, or simple brute force attempts against M365 tenants. In almost all of these incidents, the user or account was not protected by multi-factor authentication (MFA). These opportunistic attacks are certainly the most common form of compromise for M365 and Azure AD, and are usually the initial… [...]

Fuzzing Image Parsing in Windows, Part One: Color Profiles

Image parsing and rendering are basic features of any modern operating system (OS). Image parsing is an easily accessible attack surface, and a vulnerability that may lead to remote code execution or information disclosure in such a feature is valuable to attackers. In this multi-part blog series, I am reviewing Windows OS’ built-in image parsers and related file formats: specifically looking at creating a harness, hunting for corpus and fuzzing to find vulnerabilities. In part one of this series I am looking at color profiles—not an image format itself, but something which is regularly embedded within images. What is an ICC Color Profile? Wikipedia provides a more-than-adequate… [...]

APT41: A Dual Espionage and Cyber Crime Operation

Today, FireEye Intelligence is releasing a comprehensive report detailing APT41, a prolific Chinese cyber threat group that carries out state-sponsored espionage activity in parallel with financially motivated operations. APT41 is unique among tracked China-based actors in that it leverages non-public malware typically reserved for espionage campaigns in what appears to be activity for personal gain. Explicit financially-motivated targeting is unusual among Chinese state-sponsored threat groups, and evidence suggests APT41 has conducted simultaneous cyber crime and cyber espionage operations from 2014 onward. The full published report covers historical and ongoing activity attributed to APT41, the evolution of the group’s tactics, techniques, and procedures (TTPs),… [...]

5/31/18 Androids with Pre-installed Malware & The Markley Quiz [...]

5/31/18 New Speculative Execution Vulnerability [...]

5/24/18 Satori scanning for Ethereum mining rigs [...]

5/17/18 GandCrab Hides on Legitimate Websites [...]

4/26/18 Book Review: The Car Hacker’s Handbook by Craig Smith [...]