With David on holiday, Ahmed and I are holding down the fort for this week’s Kaspersky Transatlantic Cable podcast. We open the show with a pair of stories about Apple. In the first, the company is holding off on the rollout of its controversial CSAM-scanning feature, for now. Then we look at the aftermarket for iPhone chargers, which includes the OMG Cable, a Lightning cable with a hidden chip and a built-in wireless hotspot that steals credentials, and Ahmed continues his habit of making me look dumb with his obscure trivia. Getting back to our slate of stories, we discuss a new vulnerability in Confluence that further bolsters our “updates are important” stance: although a patch is available, criminals are using the public proof-of-concept against servers that have yet to be updated. From there we head to the infosec drama story of the week, involving the Babuk ransomware-as-a-service gang. A former member of the group has leaked the source code for Babuk Locker on a criminal forum, and the note attached to the leak is one for the ages, including a claim of terminal cancer and the phrase “I will have time to live like a human.” From there, it’s over to Latin America, where El Salvador has become the first country to adopt Bitcoin as legal tender, including issuing $30 in the cryptocurrency to users who install the government-backed wallet. To close out the podcast, we discuss NFTs and a fraudulent Banksy NFT that sold for more than $330,000. In a happy turn of events, the buyer was refunded most of the money. If you liked what you heard, please consider subscribing and sharing with your friends.

For more information on the stories we covered, see the links below:
Apple delays plans to scan devices for child abuse images after privacy backlash
Security researcher develops Lightning cable with hidden chip to steal passwords
U.S. Cyber Command warns of ongoing attacks exploiting Atlassian Confluence flaw
Babuk ransomware’s full source code leaked on hacker forum
Fear and excitement in El Salvador as Bitcoin becomes legal tender
Fake Banksy NFT sold through artist’s website for £244k
For Android users, installing applications from Google Play, and Google Play only, is the wise choice. With its strong safety rules, official app monitoring, plentiful user reviews, and scrutiny from security researchers, Android’s official store tends to be a safe place for downloading apps. Even when malware does make it into Google Play, it is usually identified and removed quickly. Android device owners do, however, also have the option to download and install apps from third-party sources. But does the freedom outweigh the danger?

Allowing or denying alternative installation

On the one hand, having the ability to shop outside of the Google Play store can be quite useful; not every app is available there. On the other hand, that freedom comes with an increased risk of infection, because outside of Google Play, apps lose Google’s quality and safety oversight. Together with a program’s installer, or even instead of it, dangerous apps can get onto users’ devices and steal personal data, money, or both. Here are just a few examples of such attacks:
A popular alternative app store was infected with a Trojan and began distributing malware;
Using the permission to install unknown applications, criminals distributed ransomware disguised as a beta version of the game Cyberpunk 2077;
Other criminals passed off the Loapi malware as an antivirus utility and as an adult-content app. The Trojan turned smartphones into bots for DDoS attacks, made them mine cryptocurrency, or simply flooded them with ads.

The above is only a sampling of why new phones ship with installation of apps from outside Google Play disabled. To avoid falling victim to schemes that rely on external installation, don’t be tempted to enable installation of unknown apps, and if you already have, turn it off immediately. Here’s how.

How to turn off installation of unknown apps in Android 8 and later

In the latest versions of Android, the relevant feature is called Install unknown apps, and it is granted separately to each app. If you have allowed installation from unknown sources for several apps, you will need to disable it for each of them. Here’s how to do it:
Open the system settings on your device;
Choose Apps and notifications;
Select Advanced and go to Special app access;
Select Install unknown apps;
Check what is listed under each app on the list. If you see Allowed, select the app and disable installation of unknown applications for it.

(Screenshot: How to disable installation of unknown apps in Android 8 and later)

Please note that we’re using the names of the settings in stock Android. Manufacturers often modify the standard Android interface, so some menu items may have different names on your phone.

How to turn off installation from unknown sources in Android 7 and earlier

In Android 7 and earlier the setting is called Unknown sources, and there’s just one switch that turns installation of non-Google Play apps on or off for the entire system. Here’s how to find it:
Open the system settings on your device;
Go to Security;
Scroll down to Unknown sources and make sure it’s disabled.

(Screenshot: How to disable installation of apps from unknown sources in Android 6 and 7)

At first glance, managing this setting seems much easier in older versions of Android, but from a security viewpoint, things aren’t that straightforward. If you accidentally allow installation of unknown apps in Android 6 or 7, then any app at all can download and install packages from outside Google Play, and that includes apps you install later.

How to safely download an app that’s not on Google Play

What if a program you need is not available in the official store, but you still need to install it?
Search for similar apps. Try looking for alternatives in the official store. Maybe there is an app on Google Play with functions that suit your needs.
Scan the file before installing. Even if you can’t do without a third-party source, don’t rush to change your settings. First download the installation file, and before launching it, scan it with your mobile antivirus solution.
Check permissions. Consider the list of permissions the app requests during installation. If a program demands too much, try to find something similar with more modest requests.
Disable installation of unknown apps. Remember to change your settings back after installation. Don’t leave your phone open to malware!
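The same check can be done from a workstation over adb instead of by clicking through the settings UI, which is handy when you manage several devices. The script below is an added example and is not code from the Kaspersky article. It assumes adb is installed and the device is authorised for USB debugging; that on Android 8 and later (API level 26 and up) the per-app "Install unknown apps" grant is the app-op REQUEST_INSTALL_PACKAGES, readable with `appops get <package> REQUEST_INSTALL_PACKAGES`; and that on Android 7 and earlier the global switch is the secure setting `install_non_market_apps`. The output formats it parses are assumed from typical adb output, and the package names in the embedded sample are constructed.

```shell
#!/bin/sh
# Added example, not code from the Kaspersky article: audit over adb which apps on a
# connected Android device may install packages from outside Google Play.
#
# Assumptions: `adb` is installed and the device is authorised for USB debugging.
# On Android 8+ (API level 26+) the per-app "Install unknown apps" grant is the app-op
# REQUEST_INSTALL_PACKAGES, read with `appops get <package> REQUEST_INSTALL_PACKAGES`.
# On Android 7 and earlier the single global switch is the secure setting
# install_non_market_apps (1 = Unknown sources enabled). The output formats parsed
# below are assumed from typical adb output, not taken from the article.

# Reduce one line of `appops get <pkg> REQUEST_INSTALL_PACKAGES` output to a mode word.
# Typical lines: "REQUEST_INSTALL_PACKAGES: allow; time=+3d2h ago" or "No operations.".
# Only "allow" means the app may install unknown apps; "default", "ignore" and "deny"
# all behave as not allowed, and an empty line means the op was never recorded.
appops_mode() {
  case "$1" in
    "REQUEST_INSTALL_PACKAGES: "*)
      mode="${1#REQUEST_INSTALL_PACKAGES: }"   # strip the op name
      printf '%s\n' "${mode%%;*}"               # keep only the word before ";"
      ;;
    ""|"No operations."*) printf 'unset\n' ;;
    *) printf 'unknown\n' ;;
  esac
}

# Classify the Android 7-and-earlier global switch from
# `settings get secure install_non_market_apps` (prints 1, 0 or null).
legacy_unknown_sources() {
  case "$1" in
    1) printf 'enabled\n' ;;
    0|null) printf 'disabled\n' ;;
    *) printf 'unknown\n' ;;
  esac
}

# Read "<package> <appops output line>" records from stdin and print only the packages
# that are allowed to install unknown apps. Kept separate from adb so it runs offline.
allowed_installers() {
  while IFS= read -r line; do
    pkg="${line%% *}"
    rest="${line#* }"
    if [ "$(appops_mode "$rest")" = allow ]; then
      printf '%s\n' "$pkg"
    fi
  done
}

# Constructed sample of what the live audit feeds into allowed_installers (names invented).
SAMPLE_APPOPS='com.example.browser REQUEST_INSTALL_PACKAGES: allow; time=+3d2h ago
com.example.game No operations.
com.example.files REQUEST_INSTALL_PACKAGES: allow; time=+12m ago
com.example.chat REQUEST_INSTALL_PACKAGES: ignore; time=+5h ago'

# Offline demonstration on the sample: prints com.example.browser and com.example.files.
demo_allowed() {
  printf '%s\n' "$SAMPLE_APPOPS" | allowed_installers
}

# Live audit against a connected device; only runs when invoked as `sh audit.sh --run`.
audit_device() {
  sdk="$(adb shell getprop ro.build.version.sdk | tr -d '\r')"
  if [ "$sdk" -ge 26 ]; then
    adb shell pm list packages -3 | tr -d '\r' | sed 's/^package://' |
    while IFS= read -r pkg; do
      op="$(adb shell appops get "$pkg" REQUEST_INSTALL_PACKAGES | tr -d '\r' |
            grep '^REQUEST_INSTALL_PACKAGES:' | head -n 1)"
      printf '%s %s\n' "$pkg" "$op"
    done | allowed_installers
  else
    legacy_unknown_sources "$(adb shell settings get secure install_non_market_apps | tr -d '\r')"
  fi
}

if [ "${1:-}" = "--run" ]; then
  audit_device
else
  demo_allowed
fi
```

Run it as `sh audit.sh --run` with a device attached; every package it prints is one for which the article's "Install unknown apps" switch is set to Allowed and should be revisited. On an Android 7 or earlier device it reports the state of the single global switch instead. The parsing is deliberately kept in functions that take plain strings, so the classification logic can be checked without a phone.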
Russian internet giant Yandex has been targeted in a massive distributed denial-of-service (DDoS) attack that started last week and it reportedly continues this week. Russian media called the assault the largest in the history of Russian internet.
The security issue is identified as CVE-2021-40539. It is considered critical as it can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
The vulnerabilities affect both Windows and Unix-based users and, if left unpatched, can be exploited by attackers to achieve arbitrary code execution on a system that installs untrusted npm packages.
As of now, Tesla’s Full Self-Driving Beta software is only being tested internally and as part of the automaker’s “early access program,” which includes some Tesla customers.
According to a report from the Russian news outlet Izvestia, unidentified hackers compromised a Russian government website and used it to promote a Ponzi-style "free Bitcoin giveaway" scam.
The federal government is pushing hard for agencies to adopt zero-trust cybersecurity architectures, with new guidance released Tuesday from the Office of Management and Budget and CISA.
Shasta Ventures led the round with participation from new firms Canaan and Ericsson Ventures along with existing investors Evolution Equity Partners, Lytical Ventures and Emerald Development Managers.
A cybercriminal claimed to have stolen the personal information of around seven million Israelis, approximately 80% of Israel's population, by hacking into the City4U website used by municipalities.
In a blog post from its security response team, Microsoft said it had fixed the flaw reported by Palo Alto Networks and it had no evidence malicious hackers had abused the technique.
The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has released the final version of a Cybersecurity Practice Guide for first responders.
According to Security Compass research, in mid-sized to large enterprises, 50% of the software applications being developed are cloud-based, and another 30% are expected to migrate to the cloud within the next two years.
Network security solutions provider Fortinet confirmed that a malicious actor had leaked VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidelines for government and private organizations to take into consideration when looking to outsource services to a Managed Service Provider (MSP).
After a summer marked by big ransomware attacks from suspected Russian gangs, some of those same groups went quiet. National Cyber Director Chris Inglis has said that it’s too early to tell if the trend will hold.
A new distributed denial-of-service (DDoS) botnet that kept growing over the summer has been hammering Russian internet giant Yandex for the past month, the attack peaking at the unprecedented rate of 21.8 million requests per second.
The TeamTNT malware pushers have a slew of new toys that have inflicted more than 5,000 infections globally as antivirus (AV) tools struggle to catch up with the newest malware.
A total of 16 issues were patched with the first part of this month’s security updates – the 2021-09-01 security patch level – including one critical issue in the Framework component.
The novel backdoor technique called SideWalk, seen in campaigns targeting US media and retailers late last month, has been tied to an adversary that’s been around for quite a while: namely, China-linked Grayfly espionage group.
Attackers abused an Object-Graph Navigation Language (OGNL) injection flaw, the same vulnerability type involved in the notorious 2017 Equifax breach, capable of leading to remote code execution (RCE) in Confluence Server and Data Center instances.
According to a new report, about a third of emails reported by employees really are malicious or highly suspect, demonstrating the effectiveness of the well-established maxim "Think before you click".
The latest round co-led by Sands Capital Ventures and Tiger Global follows a funding round in March when $175 million of new capital was raised. The company was valued at $4.7 billion only six months ago.
Researchers are tracking a campaign that is both promoting the Chinese government and encouraging real-world protests surrounding the COVID-19 pandemic in the United States.
FireMon announced it has acquired DisruptOps, a cloud security provider. It also added that the DisruptOps platform extends FireMon’s solutions to include monitoring and responding to security risks across customers’ public cloud infrastructure.
After providing an activist's metadata to authorities in Switzerland, ProtonMail has removed the section that had promised no IP logs, replacing it with an amended version.
The Russian approach to hacking shifted considerably over the past year, with state-sponsored attacks on commercial organizations dropping off even as the local cybercrime scene dominated the field, CrowdStrike said in a report.
Thoma Bravo announced it has signed a definitive agreement to make a strategic growth investment in Intel 471, a provider of cyber threat intelligence for leading enterprises and governments.
Ubuntu Security Notice 5069-2 - USN-5069-1 fixed a vulnerability in mod-auth-mellon. This update provides the corresponding updates for Ubuntu 21.04. It was discovered that mod-auth-mellon incorrectly filtered certain URLs. A remote attacker could possibly use this issue to perform an open redirect attack. Various other issues were also addressed.
Ubuntu Security Notice 5070-1 - Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. Various other issues were also addressed.
Red Hat Security Advisory 2021-3425-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.3.10 serves as a replacement for Red Hat support for Spring Boot 2.3.6, and includes security and bug fixes and enhancements. For more information, see the release notes listed in the References section. Issues addressed include denial of service and information leakage vulnerabilities.
Ubuntu Security Notice 5072-1 - Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. Various other issues were also addressed.
Red Hat Security Advisory 2021-3477-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include code execution, out of bounds write, and use-after-free vulnerabilities.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday issued a bulletin warning of a zero-day flaw affecting Zoho ManageEngine ADSelfService Plus deployments that is currently being actively exploited in the wild. The flaw, tracked as CVE-2021-40539, concerns a REST API authentication bypass that could lead to arbitrary remote code execution (RCE). ADSelfService Plus
The operators behind the REvil ransomware-as-a-service (RaaS) staged a surprise return after a two-month hiatus following the widely publicized attack on technology services provider Kaseya on July 4. Two of the dark web portals, including the gang's Happy Blog data leak site and its payment/negotiation site, have resurfaced online, with the most recent victim added on July 8,
There are plenty of pop culture references to rogue AI and robots, and appliances turning on their human masters. It is the stuff of science fiction, fun, and fantasy, but with IoT and connected devices becoming more prevalent in our homes, we need more discussion around cybersecurity and safety. Software is all around us, and it’s very easy to forget just how much we’re relying on lines of code
Network security solutions provider Fortinet confirmed that a malicious actor had leaked VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices. "These credentials were obtained from systems that remained unpatched against CVE-2018-13379 at the time of the actor's scan. While they may have since been patched, if the passwords were not reset, they remain
ProtonMail finds itself in a privacy pickle, the big problem with Facebook's algorithmic amplification, and strange things are happening on Banksy's website. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
In a security advisory, Microsoft has warned that malicious hackers are exploiting an unpatched vulnerability in Windows to launch targeted attacks against organisations. Read more in my article on the Tripwire State of Security blog.
I'm excited to be participating in two webinars next Thursday (16 September 2021), and you're welcome to attend them for free. Spaces are limited, and both events should be a lot of fun, so register now if you’re interested in attending.