Two more ransomware groups appear to have vanished from the Internet, in another possible aftershock of the Colonial Pipeline cyberattack, Reuters reports. According to Allan Liska, a researcher with cybersecurity company Recorded Future, the websites operated by the groups known as “AKO” and “Everest” have been inaccessible since the weekend. “It’s unusual to see two of the bigger names go down for 24 hours,” he said. “That makes me think it’s a conscious choice to take their site offline.” This follows the aftermath of DarkSide's attack, which shut down the United States' largest fuel pipeline network. This popular cybercrim...
A new privacy breach affecting home security cameras was spotted on Reddit by a Eufy camera owner, who found that logging into the Eufy app showed a total stranger's live and recorded camera feeds. The access extended to the whole account, including control of the pan-and-tilt cameras. After it was reported, the issue was confirmed by many other users in different geographical regions. A user from New Zealand noticed that none of the ...
DarkSide, the group behind the Colonial Pipeline cyberattack that caused fuel shortages and price increases across the United States, is shutting down, possibly under pressure from the US government. The group's blog, used to name and shame victims, its ransom payment site and its content delivery servers were all seized, and an unidentified party moved the funds from its cryptocurrency wallet to unknown accounts. DarkSide reported the events in a message posted and spread on a few hacking forums. Dmitry Smilyanets, a security analyst with Recorded Future Threat Intelligence, was the first to notice the post. DarkSide stated: “We lost access to the public part of our infrastructure, in particular to the blog, payment server, CD...
According to the Wall Street Journal, citing cybersecurity firms FireEye and Intel 471, DarkSide, the group responsible for shutting down Colonial Pipeline, has announced that it is disbanding. The DarkSide website has been unavailable since Thursday, May 13. The Eastern European hacking group has told its affiliates that it has lost access to its infrastructure, blaming a specific U.S. government agency as well as pressure from the country as a whole. Nevertheless, it is diff...
According to ESET, popular Android stalkerware apps are riddled with vulnerabilities that endanger victims and expose the privacy and security of the snoopers themselves. Mobile stalkerware, also known as spouseware, is software used for silent monitoring; more often than not it is installed on a victim's smartphone without their knowledge. As you might guess, the stalker must have physical access to the victim's device in order to side-load the stalkerware, so stalkers are typically members of the victim's family, social or professional circles. According to ESET's telemetry (reported on its WeLiveSecurity blog), such apps have grown in popularity over the last few years: the report counted five times as many Android stalkerware detections in 2019 as in 2018, ...
If endless notifications from messaging apps, games, and social networks keep breaking your concentration, filter the data stream on your iPhone or iPad to get rid of unnecessary notifications and properly configure the ones you actually want.

Alerts you shouldn’t skip

To protect your data (and money), it’s important to pay attention to several types of notifications.

Operating system and app updates. Developers regularly close security holes in their products, but cybercriminals are constantly looking for devices on which such patches have not yet been installed. Update alerts help you patch in time and avoid falling victim to an attack.

Notifications from bank apps. You shouldn’t disable text messages from your bank, but it’s safe to filter its app’s push notifications. For example, you might opt out of promotional mailings while still receiving messages about payments, transfers, and login attempts.

Messages from digital platforms. Well-stocked gaming accounts are hot stuff on the black market, and the same goes for airline, store, and similar loyalty program accounts. As with online banking, watch out for messages about password reset attempts and other suspicious actions.

Other notifications rarely require an instant response, so they are safe to turn off. Here’s how to do that on an iPhone or iPad (tips for other devices are covered separately).

Setting up notifications on iPhone and iPad

The easiest way to cut yourself off from the outside world is to activate silent mode: slide the switch on the side of the device so that the orange mark is visible. In silent mode, ringtones and notification sounds are off, but alarms and vibrations stay on. To turn off notification vibrations as well:
Open Settings;
Go to Sounds & Haptics (or Sounds);
Toggle off Vibrate on Ring and Vibrate on Silent.

Turning off all notifications

Now we’ll look at some of the device’s more advanced features for adapting to your lifestyle. If you want to spend some time in total silence, enable Do Not Disturb mode, which keeps your phone from distracting you with calls or messages. Alarms still work in Do Not Disturb mode, so you can safely activate it before going to bed without worrying about being late for work in the morning.

To enable Do Not Disturb mode, open the Control Center and tap the crescent moon icon; hold it down to choose how long it stays on. You can also reach Do Not Disturb in Settings and set a schedule there. On the same screen you can allow incoming calls from certain contacts while Do Not Disturb is on, as well as calls that come in more than once in quick succession:
Tap Allow Calls From to allow calls from selected caller groups;
To add a number to this list, open the contact and tap Add to Favorites;
Toggle the green Repeated Calls switch to be notified if someone tries to call you several times in a row.

You can also turn on automatic replies so that the iPhone answers people who try to contact you. Tap Auto-Reply and write what you want it to say; the default message says you are driving. To choose who receives these messages, tap Auto-Reply To and select No One, Favorites, All Contacts, or Recents.

Setting up app notifications

Instead of choosing all or nothing, you can adjust each app’s notification settings separately: pop-up banners but no sound, badges showing the number of missed messages, or any other combination. Open Settings, then Notifications, and scroll down to the list of apps to get started.

You can also configure alerts as they come in, whether they appear on the lock screen, in the Notification Center, or as banners at the top of the screen. In the first two cases, swipe the notification to the left and select Manage. In the third, pull the banner down and tap Do not disturb or the three dots in the upper right corner. In the window that opens you will see two options:
Deliver Quietly mutes messages from this app and keeps them off the lock screen. Notifications still collect in the Notification Center, which you open by swiping down from the top of the screen, or up from the middle of the screen on a locked device.
Turn Off… does what it says: notifications from this app are blocked completely. To enable them again, go to Notifications, select the app in the list, and toggle the green Allow Notifications switch.

Another important option, Show Previews, controls message previews. Hide previews to keep anyone from reading bits of your messages or calendar items while the device is locked (or at all).

More tips for digital peace of mind

Still distracted? Time to turn up the control. Open Settings, find Screen Time, and tap Turn On Screen Time. Screen Time includes several useful features:
Statistics showing how much time you spend in different apps and on different websites;
Downtime, which temporarily blocks all apps on the iPhone or iPad except those you add to the Always Allowed list under Screen Time. Phone calls remain available;
App Limits, which enforces a daily usage limit on a chosen category (social networks, games, entertainment, and so on), after which all apps in that category stop working. To block one app but not another in the same category, add the latter to the Always Allowed list.

App limits reset every day at midnight. If you really need an app after exhausting its daily limit, you can lift the restriction temporarily or remove it altogether: go to the category section and toggle the App Limit switch to disable it for now, or tap Delete Limit in the same place to remove it.

Zen and nirvana

That’s all you need to know about turning off notifications on iPhone and iPad and the various options for managing them. If you’re also tired of notifications from browsers, turn those off as well (see Getting rid of browser notifications). For even more peace-of-mind tips, visit our Digital Comfort Zone.
In a Twitter discussion last week on ransomware attacks, KrebsOnSecurity noted that virtually all ransomware strains produced by Russian-speaking groups have a built-in failsafe designed to cover the backsides of the malware purveyors: they simply will not install on a Microsoft Windows computer that already has one of many keyboard layouts installed, such as Russian or Ukrainian. So many readers had questions in response to the tweet that I thought it was worth a blog post exploring this one weird cyber defense trick.

(Map caption: The Commonwealth of Independent States (CIS) more or less matches the exclusion list on an awful lot of malware coming out of Eastern Europe.)

The Twitter thread came up in a discussion on the ransomware attack against Colonial Pipeline, which earlier this month shut down 5,500 miles of fuel pipeline for nearly a week, causing fuel station supply shortages throughout the country and driving up prices. The FBI said the attack was the work of DarkSide, a new-ish ransomware-as-a-service offering that says it targets only large corporations.

DarkSide and other Russian-language affiliate moneymaking programs have long barred their criminal associates from installing malicious software on computers in a host of Eastern European countries, including Ukraine and Russia. This prohibition dates back to the earliest days of organized cybercrime, and it is intended to minimize scrutiny and interference from local authorities. In Russia, for example, authorities generally will not initiate a cybercrime investigation against one of their own unless a company or individual within the country’s borders files an official complaint as a victim. Ensuring that no affiliate can produce victims in their own country is the easiest way for these criminals to stay off the radar of domestic law enforcement agencies.

Possibly feeling the heat from being referenced in President Biden’s Executive Order on cybersecurity this past week, the DarkSide group sought to distance itself from the attack against Colonial Pipeline. In a message posted to its victim-shaming blog, DarkSide claimed it was “apolitical” and did not wish to participate in geopolitics. “Our goal is to make money, and not creating problems for society,” the DarkSide criminals wrote last week. “From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

But here’s the thing: digital extortion gangs like DarkSide take great care to make their entire platforms geopolitical, because their malware is engineered to work only in certain parts of the world. DarkSide, like a great many other malware strains, carries a hard-coded do-not-install list built around the principal members of the Commonwealth of Independent States (CIS) and neighbouring states, including Azerbaijan, Belarus, Georgia, Romania, Turkmenistan, Ukraine and Uzbekistan. The full exclusion list in DarkSide (published by Cybereason) appears in the original post (Image: Cybereason). Simply put, countless malware strains check for the presence of one of these languages on the system, and if one is detected the malware exits without installing.

[Side note. Many security experts have pointed to connections between the DarkSide and REvil (a.k.a. “Sodinokibi”) ransomware groups. REvil was previously known as GandCrab, and one of the many things GandCrab had in common with REvil was that both programs barred affiliates from infecting victims in Syria. As the chart shows, Syria is also exempted from infections by DarkSide ransomware. And DarkSide itself underlined its connection to REvil this past week when it announced it was closing up shop after its servers and bitcoin funds were seized.]

CAVEAT EMPTOR

Will installing one of these languages keep your Windows computer safe from all malware? Absolutely not. There is plenty of malware that doesn’t care where in the world you are, and there is no substitute for a defense-in-depth posture and avoiding risky behavior online. But is there really a downside to taking this simple, free, prophylactic step? None that I can see, other than perhaps a sinking feeling of capitulation.

The worst that could happen is that you accidentally toggle the language settings and all your menu options are in Russian. If this happens (and the first time it does the experience may be a bit jarring), hit the Windows key and the space bar at the same time; if you have more than one language installed you will see the ability to quickly toggle from one to the other. The little box that pops up when you hit that key combination lists the installed layouts (screenshot in the original post).

Cybercriminals are notoriously responsive to defenses that cut into their profitability, so why wouldn’t the bad guys just change things up and start ignoring the language check? Well, they certainly can and may well do so (a recent version of DarkSide analyzed by Mandiant did not perform the system language check). But doing so increases the risk to their personal safety and fortunes by some non-trivial amount, said Allison Nixon, chief research officer at New York City-based cyber investigations firm Unit221B. Nixon said that because of Russia’s unique legal culture, criminal hackers in that country employ these checks to ensure they are only attacking victims outside the country.

“This is for their legal protection,” Nixon said. “Installing a Cyrillic keyboard, or changing a specific registry entry to say ‘RU’, and so forth, might be enough to convince malware that you are Russian and off limits. This can technically be used as a ‘vaccine’ against Russian malware.” Nixon said that if enough people do this, it may in the short term protect some of them, but more importantly in the long term it forces Russian hackers to make a choice: risk losing legal protections, or risk losing income. “Essentially, Russian hackers will end up facing the same difficulty that defenders in the West must face — the fact that it is very difficult to tell the difference between a domestic machine and a foreign machine masquerading as a domestic one,” she said.

KrebsOnSecurity asked Nixon’s colleague at Unit221B, founder Lance James, what he thought about the efficacy of another anti-malware approach suggested by Twitter followers who chimed in on last week’s discussion: adding entries to the Windows registry that claim the system is running as a virtual machine (VM). In a bid to stymie analysis by antivirus and security firms, some malware authors have traditionally configured their malware to quit installing if it detects a virtual environment. But James said this check is no longer so common, particularly since so many organizations have moved to virtual environments for everyday use. “Being a virtual machine doesn’t stop malware like it used to,” James said. “In fact, a lot of the ransomware we’re seeing now is running on VMs.”

James likes the idea of everyone adding a language from the CIS country list so much that he produced his own clickable two-line Windows batch script that adds a Russian language reference to the specific Windows registry keys checked by malware. The script makes a Windows PC look as though it has a Russian keyboard installed without actually downloading the additional language files from Microsoft. To install a different keyboard language on a Windows 10 computer the old-fashioned way, hit the Windows key and X at the same time, select Settings, then “Time and Language,” then Language; scroll down and you should see an option to add another language. Pick one, and the layout is available after your next sign-in or reboot. Again, if for some reason you need to toggle between languages, Windows+Spacebar is your friend.
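The two halves of the trick, the check the malware performs and the layout change that defeats it, can be seen end to end from PowerShell. The script below is an added illustration and is not KrebsOnSecurity's, Unit221B's or any ransomware author's code. It first reproduces the locale check using the same Windows APIs and registry key a sample can consult, then adds a Russian layout through the supported cmdlets and re-runs the check. It assumes that a strain compares the low 16 bits (the LANGID) of each installed keyboard layout handle against a fixed set, and the LANGID set below is my approximation of the Cybereason exclusion list; real strains differ in which API they call and which locales they include.

```powershell
# Added example (not from the original post, Unit221B or any malware sample).
# Part 1: the locale check a CIS-excluding strain might perform.
# Part 2: add a Russian layout the supported way and re-run the check.
# Assumption: strains compare the LANGID (low word of an HKL / KLID) to a fixed set.

Add-Type -Namespace Win32 -Name Lang -MemberDefinition @'
[DllImport("user32.dll")]
public static extern int GetKeyboardLayoutList(int nBuff, [Out] IntPtr[] lpList);
[DllImport("kernel32.dll")]
public static extern ushort GetUserDefaultUILanguage();
[DllImport("kernel32.dll")]
public static extern ushort GetSystemDefaultLangID();
'@

# LANGIDs from Microsoft's LCID reference for the CIS-sphere locales in the
# exclusion list the article references (approximation, not a specific sample's list).
$CisLangIds = @{
    0x0419 = 'ru-RU'; 0x0422 = 'uk-UA'; 0x0423 = 'be-BY'; 0x0428 = 'tg-Cyrl-TJ'
    0x042B = 'hy-AM'; 0x042C = 'az-Latn-AZ'; 0x0437 = 'ka-GE'; 0x043F = 'kk-KZ'
    0x0440 = 'ky-KG'; 0x0442 = 'tk-TM'; 0x0443 = 'uz-Latn-UZ'; 0x0444 = 'tt-RU'
    0x0818 = 'ro-MD'; 0x2801 = 'ar-SY'
}

function Get-LoadedLayoutLangIds {
    # GetKeyboardLayoutList: a first call with nBuff = 0 returns the count,
    # the second call fills the buffer. Each HKL's low word is the LANGID.
    $count = [Win32.Lang]::GetKeyboardLayoutList(0, $null)
    $hkls  = New-Object IntPtr[] $count
    [void][Win32.Lang]::GetKeyboardLayoutList($count, $hkls)
    $hkls | ForEach-Object { [int]($_.ToInt64() -band 0xFFFF) }
}

function Get-PreloadLangIds {
    # What registry-reading strains see: HKCU\Keyboard Layout\Preload holds KLIDs
    # such as 00000419; again the low 16 bits are the LANGID.
    $preload = Get-ItemProperty -Path 'HKCU:\Keyboard Layout\Preload'
    $preload.PSObject.Properties |
        Where-Object { $_.Name -match '^\d+$' } |
        ForEach-Object { [int]([Convert]::ToInt64($_.Value, 16) -band 0xFFFF) }
}

function Test-LocaleCheckTrips {
    # $true when any signal a strain might consult matches the exclusion set,
    # i.e. when such malware would exit without installing.
    $signals = @(Get-LoadedLayoutLangIds) + @(Get-PreloadLangIds) +
               [int][Win32.Lang]::GetUserDefaultUILanguage() +
               [int][Win32.Lang]::GetSystemDefaultLangID()
    $hits = $signals | Where-Object { $CisLangIds.ContainsKey($_) } | Sort-Object -Unique
    foreach ($h in $hits) {
        Write-Host ('  excluded locale present: 0x{0:X4} ({1})' -f $h, $CisLangIds[$h])
    }
    return [bool]$hits
}

function Add-RussianLayout {
    # Supported equivalent of Settings > Time & Language > Language > Add a language.
    # This writes the Preload key and the user language list that registry-only
    # scripts emulate, without downloading the optional language pack.
    $list = Get-WinUserLanguageList
    if ($list.LanguageTag -notcontains 'ru-RU') {
        $list.Add('ru-RU')
        Set-WinUserLanguageList -LanguageList $list -Force
    }
}

Write-Host 'Before:'; Test-LocaleCheckTrips
Add-RussianLayout
Write-Host 'After:';  Test-LocaleCheckTrips
```

Run it in the interactive session of the user you want to protect. The registry view (Preload) changes immediately, while GetKeyboardLayoutList in an already running process may only reflect the new layout after a fresh sign-in, so re-run the check from a new window if the "After" line does not trip. Note what the script does not change: the system default locale returned by GetSystemDefaultLangID stays as it was, so a strain that consults only that value, or runs under another account, is not affected. To undo the change, remove 'ru-RU' from the list returned by Get-WinUserLanguageList and call Set-WinUserLanguageList again.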
For years, the cybersecurity industry has relied on white hat hackers to identify potential vulnerabilities and develop exploit code to prove that security flaws are more than theoretical.
Starting in February, we identified at least four versions of the RAT delivery campaign, each of which includes multiple advancements and adaptations over the past three months.
Users will encounter scam web pages that are propagated on a large scale through a number of techniques, including malvertising, compromised WordPress sites, and SEO tricks.
The county’s 911 system remained working amid the incident. Elements of the county’s servers are gradually coming back online, though county officials say the process is still ongoing.
The compromised data obtained by the Avaddon group allegedly includes customer medical reports, copies of ID cards, bank account statements, claim forms, payment records, contracts, and more.
The Avaddon ransomware gang is in the headlines again: it has breached the France-based financial consultancy Acer Finance and given the firm 240 hours to meet its demands.
Attacking the very people who work on stopping threat actors may seem like a bad idea. But some threat groups do go after people who’ve made a career doing vulnerability research.
The Echelon application API leaked PII through an Insecure Direct Object Reference (IDOR) vulnerability: the endpoint did not check that the caller was authorized to access the object it requested.
Bizarro has x64 modules and is able to trick users into entering two-factor authentication codes in fake pop-ups. It may also use social engineering to convince victims to download a smartphone app.
Personal information about an unknown number of students, parents, and employees has been exposed, along with bank account information for an unknown number of vendors, the district revealed recently.
US authorities have charged a gang of Brazilian nationals for a scheme that defrauded the customers of services like Uber, Lyft, DoorDash, and two other unidentified food delivery services.
The incident caused cancellations and disruption to services at multiple hospitals in the country; fortunately, the ongoing coronavirus vaccination campaign was not affected.
Payments to ransomware attackers rose 337% from 2019 to 2020, reaching more than $400 million worth of cryptocurrency, according to figures just released by Chainalysis, a blockchain analysis company.
Graduating students from several universities in the U.S. have been reporting fraudulent transactions after using payment cards at popular cap and gown maker Herff Jones.
Although it was a pretty basic malware, it was the first time many people had ever heard of the concept — or of digital extortion. It's unclear if any people or organizations paid the ransom.
AMD has issued guidance for two attacks (CVE-2020-12967, CVE-2021-26311) that can undermine its Secure Encrypted Virtualization (SEV) technology, which is designed to protect guest virtual machines from a malicious or compromised hypervisor.
Defenders need to be 100% perfect at protecting 100% of the countless entry points 100% of the time in order to prevent breaches, while on the other hand, hackers only need one exploit that works.
Several security researchers and security firms who reviewed last week’s security updates considered the bug the most dangerous vulnerability Microsoft fixed in this month’s patch cycle.
With an unprecedented number of people working remotely, phishing and ransomware attacks increased by 11 percent and 6 percent respectively, with instances of misrepresentation increasing by 15 times.
Cisco Systems (CSCO) plans to acquire privately-held California-based Kenna Security in a bid to enhance its security offerings. However, the financial terms of the deal were not disclosed.
Three hacking forums have now banned ransomware ads, three ransomware leak sites have gone down, and two other ransomware groups have announced plans to stop operating in public and go “private.”
BluBracket on Thursday said it raised $12 million in Series A funding so it can continue to work with DevSecOps teams to build security into products from the start and shift code development left.
The notorious cybercrime gang behind the Carbanak RAT is spreading a backdoor called Lizar under the guise of a Windows pen-testing tool for ethical hackers. Experts say the group may be planning to further sharpen its tools and techniques to make its attacks stealthier and more effective.
APT36 was found creating fake domains that impersonate military and defense firms and distributing malware-laced documents to infect victims with ObliqueRAT and CrimsonRAT. Organizations are advised to stay vigilant and implement adequate security measures proactively.
A total of 12 design and implementation flaws in the IEEE 802.11 standards and their implementations leave practically all Wi-Fi devices vulnerable to attack. The flaws can be exploited by an attacker within radio range of the target.
This Metasploit module leverages a UAC bypass (TokenMagic) in order to spawn a process/conduct a DLL hijacking attack to gain SYSTEM-level privileges. Windows 7 through Windows 10 1803 are affected.
The DBUtil_2_3.sys driver distributed by Dell exposes an unprotected IOCTL interface that can be abused by an attacker to read and write kernel-mode memory.
Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.
Ubuntu Security Notice 4956-1 - It was discovered that Eventlet incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 4955-1 - Matthias Gerstner discovered that Please contained multiple security issues. A local attacker could use these issues to cause Please to crash, resulting in a denial of service, or possibly escalate privileges.
Billing Management System version 2.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Pintu Solanki in February of 2021.
Ubuntu Security Notice 4628-3 - USN-4628-1 provided updated Intel Processor Microcode for various processor types. This update provides the corresponding updates for some additional processor types. Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit (RAPL) feature of some Intel processors allowed a side-channel attack based on power consumption measurements. A local attacker could possibly use this to expose sensitive information. Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel Processors did not properly remove sensitive information before storage or transfer in some situations. A local attacker could possibly use this to expose sensitive information. Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel Processors did not properly isolate shared resources in some situations. A local attacker could possibly use this to expose sensitive information. Various other issues were also addressed.
Just as Colonial Pipeline restored all of its systems to operational status in the wake of a crippling ransomware incident a week ago, DarkSide, the cybercrime syndicate behind the attack, claimed it lost control of its infrastructure, citing a law enforcement seizure. All the dark websites operated by the gang, including its DarkSide Leaks blog, ransom collection site, and breach data content
In today's digital world, password security is more important than ever. While biometrics, one-time passwords (OTP), and other emerging forms of authentication are often touted as replacements to the traditional password, today, this concept is more marketing hype than anything else. But just because passwords aren't going anywhere anytime soon doesn't mean that organizations don’t need to
Cybersecurity researchers have uncovered an ongoing malware campaign that heavily relies on AutoHotkey (AHK) scripting language to deliver multiple remote access trojans (RAT) such as Revenge RAT, LimeRAT, AsyncRAT, Houdini, and Vjw0rm on target Windows systems. At least four different versions of the campaign have been spotted starting February 2021, according to researchers from Morphisec Labs
New research has demonstrated an exploit that lets arbitrary data be uploaded from devices that are not connected to the Internet simply by sending "Find My" Bluetooth broadcasts to nearby Apple devices. "It's possible to upload arbitrary data from non-internet-connected devices by sending Find My [Bluetooth Low Energy] broadcasts to nearby Apple devices that then upload the data for
One week after the French branch of cyber insurance giant AXA said that it would no longer write policies covering ransomware payments, the company's operations in Thailand, Malaysia, Hong Kong, and the Philippines have reportedly been hit... by a ransomware attack.