Windows 11 dominates the headlines these days, but for some users this doesn't matter much, because they are still stuck with Windows 7 on some of their workstations. Most of these users are employees of companies that could not switch to a newer operating system due to various problems, so their only option was to keep running Windows 7 and pay Microsoft for custom support. This is why the Redmond-based software giant still ships updates for it as part of the monthly Patch Tuesday cycle, though it is important to note that not everybody running Windows 7 receives these updates, only customers (all of them organizations) paying for them.

Enter new monthly rollup

The October 2021 monthly rollup for Windows 7 is KB5006743, and it includes several fixes, including one for a bug that causes the Internet print server to fail to package the driver to send to the client. In addition, Microsoft says the ...
The new Windows 10 cumulative updates released a few hours ago are, as expected, focused on security improvements, which makes sense since they landed as part of the October Patch Tuesday. If you're running the latest Windows 10 versions, namely 2004, 20H2, or 21H1, the update you should get is KB5006670, and as before, it ships with the same changelog on all three versions. This is because these three Windows 10 releases share a common codebase, so Microsoft services all of them with the same cumulative update.

Just a single line in the changelog

As for what's new in Windows 10 cumulative update KB5006670, Microsoft says it corrected an issue affecting several applications, including Microsoft Office. The company explains the following about the update: "Addresses an issue that prevents some applications, such as Microsoft Office and Adobe Reader, from opening or causes them to stop responding. This occurs on devic...
Microsoft has released a new set of cumulative updates for Windows 10 devices, this time as part of the October 2021 Patch Tuesday rollout. As usual, the primary focus of these updates is operating system security, which is why they ship on a Patch Tuesday. As typically happens when Microsoft ships new cumulative updates, all supported versions are getting patched; versions that have reached end of support do not receive them. This is the first Patch Tuesday after the release of Windows 11, and with people migrating to the new operating system, the number of devices still running Windows 10 is shrinking. Windows 10 nonetheless remains the most widely used Microsoft operating system, though as the software giant accelerates the Windows 11 rollout, which it plans to complete by the summer of 2022, more and more people will make the switch.

Check for updates right now
Microsoft "celebrated" Patch Tuesday this week, and since the Windows 11 rollout started a few weeks ago, the company also released the first cumulative update for devices that have already received the new operating system. The very first cumulative update for Windows 11 is KB5006674, and according to the official changelog, which consists of a single line of text, it is specifically aimed at resolving a compatibility issue affecting the original release of the OS. Microsoft says it has resolved compatibility problems between Intel networking software and Windows 11, so if you have experienced such issues, make sure you install the new cumulative update available today. "Addresses known compatibility issues between some Intel "Killer" and "SmartByte" networking software and Windows 11 (original release). Devices with the affected software might drop User Datagram Protocol (UDP) packets under certain co...
The new Apple Watch Series 7 brings few changes despite all the rumors that had been swirling for the last six months or so, as the Cupertino-based tech giant has reportedly given up on plans for a major design overhaul in this year's generation. The device was originally expected to give up the curved edges in favor of flat sides like the iPhone 12, but as everybody knows by now, this didn't happen, and the Apple Watch Series 7 looks very similar to its predecessor. There is one important change, however. Apple enlarged both of the two case sizes it produces, so instead of 40mm and 44mm models, the Apple Watch is now available with 41mm and 45mm screens. Thanks to smaller bezels, the available screen real estate is substantially larger, though almost everything else is just like the Apple Watch Series 6.

Hello, third size

But as it turns out, Apple is planning big changes for the next Apple Watch, presumably called Seri...
Apple launched the iPhone 13 with much fanfare last month, but as Tim Cook warned during the latest earnings call, the company is struggling with a component shortage caused by the global chip crisis. In other words, some suppliers can't produce enough components because they don't have the chips for them, so Apple in turn has no option but to reduce production of the iPhone 13. Could this affect global iPhone 13 inventory and increase delivery times? This is rather unlikely, especially since the device is already available for same-day delivery in some markets, but it could be a problem for Apple in the short term, as the company may fail to reach its production target this year. A report from Bloomberg reveals that Broadcom and Texas Instruments are two of the largest suppliers that are unab...
A recent phishing campaign targeting Coinbase users shows thieves are getting smarter about phishing the one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts.

[Image: A Google-translated version of the now-defunct Coinbase phishing site, coinbase.com.password-reset[.]com]

Coinbase is the world's second-largest cryptocurrency exchange, with roughly 68 million users from over 100 countries. The now-defunct phishing domain at issue, coinbase.com.password-reset[.]com, was targeting Italian Coinbase users (the site's default language was Italian). And it was fairly successful, according to Alex Holden, founder of Milwaukee-based cybersecurity firm Hold Security. Holden's team managed to peer inside some poorly hidden file directories associated with that phishing site, including its administration page. That panel, pictured in the redacted screenshot below, indicated the phishing attacks netted at least 870 sets of credentials before the site was taken offline.

[Image: The Coinbase phishing panel.]

Holden said each time a new victim submitted credentials at the Coinbase phishing site, the administrative panel would make a loud "ding", presumably to alert whoever was at the keyboard on the other end of this phishing scam that they had a live one on the hook. In each case, the phishers would manually push a button that caused the phishing site to ask visitors for more information, such as the one-time password from their mobile app. "These guys have real-time capabilities of soliciting any input from the victim they need to get into their Coinbase account," Holden said. Pressing the "Send Info" button prompted visitors to supply additional personal information, including their name, date of birth, and street address. Armed with the target's mobile number, they could also click "Send verification SMS" to send a text message prompting the victim to text back a one-time code.

SIFTING COINBASE FOR ACTIVE USERS

Holden said the phishing group appears to have identified Italian Coinbase users by attempting to sign up new accounts under the email addresses of more than 2.5 million Italians.
His team also managed to recover the username and password data that victims submitted to the site, and virtually all of the submitted email addresses ended in “.it”. But the phishers in this case likely weren’t interested in registering any accounts. Rather, the bad guys understood that any attempts to sign up using an email address tied to an existing Coinbase account would fail. After doing that several million times, the phishers would then take the email addresses that failed new account signups and target them with Coinbase-themed phishing emails. Holden’s data shows this phishing gang conducted hundreds of thousands of halfhearted account signup attempts daily. For example, on Oct. 10 the scammers checked more than 216,000 email addresses against Coinbase’s systems. The following day, they attempted to register 174,000 new Coinbase accounts. In an emailed statement shared with KrebsOnSecurity, Coinbase said it takes “extensive security measures to ensure our platform and customer accounts remain as safe as possible.” Here’s the rest of their statement: “Like all major online platforms, Coinbase sees attempted automated attacks performed on a regular basis. Coinbase is able to automatically neutralize the overwhelming majority of these attacks, using a mixture of in-house machine learning models and partnerships with industry-leading bot detection and abuse prevention vendors. We continuously tune these models to block new techniques as we discover them. Coinbase’s Threat Intelligence and Trust & Safety teams also work to monitor new automated abuse techniques, develop and apply mitigations, and aggressively pursue takedowns against malicious infrastructure. 
We recognize that attackers (and attack techniques) will continue to evolve, which is why we take a multi-layered approach to combating automated abuse." Last month, Coinbase disclosed that malicious hackers stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company's SMS multi-factor authentication feature. "To conduct the attack, Coinbase says the attackers needed to know the customer's email address, password, and phone number associated with their Coinbase account and have access to the victim's email account," Bleeping Computer's Lawrence Abrams wrote. "While it is unknown how the threat actors gained access to this information, Coinbase believes it was through phishing campaigns targeting Coinbase customers to steal account credentials, which have become common." This phishing scheme is another example of how crooks are coming up with increasingly ingenious methods for circumventing popular multi-factor authentication options, such as one-time passwords. Last month, KrebsOnSecurity highlighted research into several new services based on Telegram bots that make it relatively easy for crooks to phish OTPs from targets using automated phone calls and text messages. These OTP phishing services all assume the customer already has the target's login credentials through some means, such as a phishing site like the one examined in this story. Savvy readers no doubt already know this, but to find the true domain referenced in a link, look to the right of "http(s)://" until you encounter the first slash (/). The host name directly to the left of that first slash is the true destination; within it, only the last two dot-separated labels (one more under multi-label public suffixes such as .co.uk) make up the registered domain, and anything before them is a subdomain that should be ignored for the purposes of determining the true domain name.

In the phishing domain at issue here, coinbase.com.password-reset[.]com, password-reset[.]com is the destination domain, and "coinbase.com" is just an arbitrary subdomain of password-reset[.]com. When viewed on a mobile device, however, many visitors to such a domain may see only the leading subdomain portion of the URL in their browser's address bar, because a long host name gets truncated. The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages or other media. Most phishing scams invoke a temporal element that warns of dire consequences should you fail to respond or act quickly. If you're unsure whether a message is legitimate, take a deep breath and visit the site or service in question manually, ideally using a browser bookmark so as to avoid potential typosquatting sites. Also, never provide any information in response to an unsolicited phone call. It doesn't matter who claims to be calling: if you didn't initiate the contact, hang up. Don't put them on hold while you call your bank; the scammers can get around that, too. Just hang up. Then call your bank or wherever else you need. By the way, when was the last time you reviewed your multi-factor settings and options at the various websites entrusted with your most precious personal and financial information? It might be worth paying a visit to 2fa.directory (formerly twofactorauth[.]org) for a checkup.
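The "true domain" rule of thumb above, implemented as an added example (this is not code from the article or from Hold Security). It pulls the host out of a link, takes the registrable domain from its last labels, and flags the pattern in this story: the expected brand appearing only in the subdomain. It also handles the caveat the rule glosses over, hosts under multi-label public suffixes such as .co.uk; the suffix set here is a small constructed subset, not the full Public Suffix List, and the sample links are constructed for illustration.

```python
"""Recover the real destination domain of a link (added example)."""
from typing import Dict
from urllib.parse import urlsplit

# Constructed subset of multi-label public suffixes, for illustration only.
# A production check would load the full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp", "com.br"}


def hostname(url: str) -> str:
    """Host between 'scheme://' and the first slash, lower-cased, with any
    'user@' prefix and ':port' removed. A link without a scheme is treated
    as https so that bare 'example.com/path' still parses."""
    if "://" not in url:
        url = "https://" + url
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in {url!r}")
    return host.lower()


def registrable_domain(host: str) -> str:
    """The last two labels of the host, or the last three when the host sits
    under a multi-label public suffix (evil.co.uk, not co.uk)."""
    labels = host.split(".")
    if len(labels) < 2:
        return host
    suffix2 = ".".join(labels[-2:])
    if suffix2 in MULTI_LABEL_SUFFIXES and len(labels) >= 3:
        return ".".join(labels[-3:])
    return suffix2


def analyse(url: str, expected_domain: str) -> Dict[str, object]:
    """Compare a link's true domain with the domain the message claims to
    be from. 'brand_in_subdomain' is the lookalike pattern from this story:
    the expected brand is present, but only as a subdomain of some other
    registrable domain."""
    host = hostname(url)
    true = registrable_domain(host)
    sub = host[: -len(true)].rstrip(".") if host != true else ""
    expected = expected_domain.lower()
    return {
        "host": host,
        "true_domain": true,
        "subdomain": sub,
        "matches_expected": true == expected,
        "brand_in_subdomain": expected in sub and true != expected,
    }


if __name__ == "__main__":
    # Constructed sample links; the first is the domain from the article.
    for link in (
        "https://coinbase.com.password-reset.com/it/login",
        "https://www.coinbase.com/signin",
        "http://user@coinbase.com.evil.co.uk:8080/x",
    ):
        print(analyse(link, "coinbase.com"))
```

The third sample shows why the function strips userinfo and the port: both are tricks for pushing the real host out of view, and `urlsplit().hostname` discards them before the label check runs.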
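The account-existence oracle described under "Sifting Coinbase for active users" above, as an added example (not Coinbase's code and not Hold Security's data): a sign-up handler that answers differently for an address already in use, the hardened form that answers identically, the attacker's enumeration loop run against each, and a server-side counter that flags any source trying far more distinct addresses in a day than a real user would. The account set, the request log, the ASN labels and the threshold are all constructed for illustration.

```python
"""Sign-up as an account-existence oracle, and two defender responses (added example)."""
from collections import defaultdict
from typing import Callable, Dict, Iterable, List, Set, Tuple

# Constructed stand-in for the user table: addresses with active accounts.
EXISTING: Set[str] = {"mario@example.it", "anna@example.it"}

GENERIC_RESPONSE = {"ok": True, "message": "Check your inbox to confirm your account."}


def signup_leaky(email: str) -> Dict[str, object]:
    """Rejects an address that is already registered with a distinct error.
    This is the oracle the phishers used: a failed sign-up means the
    address belongs to an active account."""
    if email.lower() in EXISTING:
        return {"ok": False, "error": "email already registered"}
    return dict(GENERIC_RESPONSE)


def signup_uniform(email: str) -> Dict[str, object]:
    """Hardened handler: the visible response is the same either way. The
    difference is carried in the e-mail (a confirmation link for a new
    address, a 'you already have an account' notice for an existing one),
    which the caller cannot observe. Mail sending is elided here."""
    return dict(GENERIC_RESPONSE)


def enumerate_accounts(signup: Callable[[str], Dict[str, object]],
                       candidates: Iterable[str]) -> List[str]:
    """Attacker's view: which candidates does the handler reveal as
    existing accounts? Against the uniform handler this is always empty."""
    return sorted(e for e in candidates if not signup(e)["ok"])


def flag_enumeration(log: Iterable[Tuple[str, str, str]],
                     threshold: int) -> Dict[Tuple[str, str], int]:
    """Server-side detection over (day, source, email) sign-up attempts:
    return each (day, source) that tried more than `threshold` distinct
    addresses. A real user signs up once; a source cycling through
    thousands of addresses is enumerating, whatever the handler answers."""
    seen: Dict[Tuple[str, str], Set[str]] = defaultdict(set)
    for day, source, email in log:
        seen[(day, source)].add(email.lower())
    return {key: len(addrs) for key, addrs in seen.items() if len(addrs) > threshold}


# Constructed log: one source probes 150 addresses in a day; two others sign up normally.
SAMPLE_LOG: List[Tuple[str, str, str]] = [
    ("2021-10-10", "AS64500", f"user{i}@example.it") for i in range(150)
] + [
    ("2021-10-10", "AS64501", "mario@example.it"),
    ("2021-10-11", "AS64502", "anna@example.it"),
]

if __name__ == "__main__":
    probe = ["mario@example.it", "luca@example.it", "anna@example.it"]
    print("leaky handler reveals:", enumerate_accounts(signup_leaky, probe))
    print("uniform handler reveals:", enumerate_accounts(signup_uniform, probe))
    print("flagged sources:", flag_enumeration(SAMPLE_LOG, threshold=100))
```

Both controls matter: the uniform response removes the oracle, and the per-source counter catches the volume even when some other endpoint (password reset, login) still leaks. Real deployments key the counter on more than source ASN (IP, session, device fingerprint) and feed the bot-detection layer Coinbase's statement refers to.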
In this Spotlight Podcast, Pondurance Founder and Chief Customer Officer Ron Pelletier gives us his predictions about the security trends that will shape 2022. The post Spotlight: COVID Broke Security. Can We Fix It In 2022? appeared first on The Security Ledger with Paul F. Roberts.
Armis expects most of it to come from a single new strategic investor at a $3.5B valuation and anticipates that will be the company's final funding round before pursuing an IPO, Calcalist reported.
Microsoft has fixed 74 vulnerabilities (81 including Microsoft Edge) with today's update: three classified as Critical, 70 as Important, and one as Low. This also includes four zero-day flaws.
Operators behind the FreakOut (aka Necro, N3Cr0m0rPh) Python botnet have added a PoC exploit for Visual Tools DVR, a professional digital video recorder used in surveillance video systems.
Cybersecurity Advisors Network (CyAN) has created a new working group to advocate for legislation that stops vendors from suing when security researchers show them zero-day bugs in their kit.
Cisco Talos recently discovered two vulnerabilities in the Anker Eufy Homebase. The Eufy Homebase 2 is the video storage and networking gateway that works with Anker’s Eufy Smarthome ecosystem.
The police learned about their activity after starting to investigate the website in 2020, following complaints from a game server that was the victim of a DDoS attack via minesearch.rip.
The IT giant addressed four vulnerabilities in Acrobat and Reader for Windows and macOS, including two critical arbitrary code execution flaws, tracked as CVE-2021-40728 and CVE-2021-40731.
Antivirus and anti-malware brand STOPzilla has been acquired by California holding company RealDefense. The deal marks RealDefense's fourth acquisition in the security sector.
Like many Android apps, the "Blender Photo Editor-Easy Photo Background Editor" app comes with the Facebook sign-in functionality. Except, it also uses Facebook credentials for malicious purposes.
The PyPI repository has removed a Python package called 'mitmproxy2' that was an identical copy of the official "mitmproxy" library, but with an "artificially introduced" code execution vulnerability.
Researchers at the Synopsys Cybersecurity Research Center discovered medium-severity SQL injection, path traversal, and XSS vulnerabilities that could be exploited by authenticated users.
MyKings is a long-standing and relentless botnet that has been active since at least 2016. Since then it has spread and extended its infrastructure so much that it has even gained multiple names.
The Check Point Research team said that flaws in the OpenSea NFT marketplace could have allowed "hackers to hijack user accounts and steal entire crypto wallets of users, by sending malicious NFTs."
People who use ransomware to conduct extortion will be slapped with new stand-alone aggravated criminal charges. Another offense has also been created for those attacking critical infrastructure.
The cybercriminals were using the exploit as part of a wider effort to install a remote shell on target servers, the MysterySnail malware, which was unknown prior to this campaign.
A new memorandum from the Office of Management and Budget sets a 90-day deadline for CISA to assess existing endpoint detection and response, or EDR, deployments at federal agencies.
In this case, the actors are using a square root symbol, a logical NOR operator, or the checkmark symbol itself, all helping to create a slight optical differentiation to bypass spam detectors.
The United Kingdom's National Cyber Security Center has published an updated guidance for employees using their personal devices for work, amid a prolonged work-from-home setting.
Industrial giants Siemens and Schneider Electric on Tuesday released nearly a dozen security advisories describing a total of more than 50 vulnerabilities affecting their products.
Hariexpress has unwittingly exposed close to 1.8 billion records, including customers’ and sellers’ personal information, after misconfiguring an Elasticsearch server, according to researchers.
The team will provide services in four key areas: strategic advisory, trust and compliance, security customer and solutions engineering, and threat intelligence and incident response.
MITRE has created two new organizations intended to help the company better focus on cybersecurity threats to critical infrastructure and new approaches to public health challenges.
The shutdown of systems due to the cyberattack has led to widespread disruption for the bank, with ATMs no longer working and the online banking portals showing maintenance messages.
For its October 2021 Security Patch Day, SAP announced the release of 13 new security notes and an update for a previously released note. Three of the notes are rated Hot News.
ESET unearthed a new malware strain, dubbed FontOnLake, that targets Linux systems and appears to have claimed a limited number of victims in Southeast Asia. The malware is stealthy and sophisticated in design. Security teams are advised to proactively prepare their defenses against this threat.
Google warned nearly 14,000 Gmail users, especially activists, journalists, and government officials, who are the key targets of state-sponsored hacks, about phishing attempts by APT28. However, there were no confirmed reports of compromised Gmail accounts.
The Apache HTTP Server project, maintainer of the open-source cross-platform web server, rolled out patches to fix two security vulnerabilities that were being abused by attackers. While the first flaw can be exploited for RCE, the other, moderate flaw can enable DoS attacks on the server. Experts recommend following proper patch management programs, using updated software to stay protected, and using multi-layered detection systems to flag any intrusions.
A compromise of sensitive health information at Premier Patient Healthcare affecting nearly 38,000 individuals was discovered nearly a year after a terminated company executive accessed the data.
Red Hat Security Advisory 2021-3841-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.2.0. Issues addressed include double free and use-after-free vulnerabilities.
Red Hat Security Advisory 2021-3838-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.2.0. Issues addressed include double free and use-after-free vulnerabilities.
Red Hat Security Advisory 2021-3836-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a server-side request forgery vulnerability.
Red Hat Security Advisory 2021-3837-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a server-side request forgery vulnerability.
Ubuntu Security Notice 5078-3 - USN-5078-1 fixed a vulnerability in Squashfs-Tools. That update was incomplete and could still result in Squashfs-Tools mishandling certain malformed SQUASHFS files. This update fixes the problem. Richard Weinberger discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem. Various other issues were also addressed.
Red Hat Security Advisory 2021-3819-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.208 and .NET Runtime 5.0.11.
Red Hat Security Advisory 2021-3840-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.2.0. Issues addressed include double free and use-after-free vulnerabilities.
Red Hat Security Advisory 2021-3839-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.2.0. Issues addressed include double free and use-after-free vulnerabilities.
Red Hat Security Advisory 2021-3818-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.208 and .NET Runtime 5.0.11.
Red Hat Security Advisory 2021-3816-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include heap overflow and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2021-3810-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2021-3798-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include integer overflow and null pointer vulnerabilities.
Red Hat Security Advisory 2021-3801-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2021-3807-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration.
Red Hat Security Advisory 2021-3802-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a bypass vulnerability.
Microsoft on Tuesday rolled out security patches to contain a total of 71 vulnerabilities in Microsoft Windows and other software, including a fix for an actively exploited privilege escalation vulnerability that could be exploited in conjunction with remote code execution bugs to take control over vulnerable systems. Two of the addressed security flaws are rated Critical, 68 are rated Important
A now-patched critical vulnerability in OpenSea, the world's largest non-fungible token (NFT) marketplace, could've been abused by malicious actors to drain cryptocurrency funds from a victim by sending a specially-crafted token, opening a new attack vector for exploitation. The findings come from cybersecurity firm Check Point Research, which began an investigation into the platform following
The Software-as-a-service (SaaS) industry has gone from novelty to an integral part of today’s business world in just a few years. While the benefits to most organizations are clear – more efficiency, greater productivity, and accessibility – the risks that the SaaS model poses are starting to become visible. It’s not an overstatement to say that most companies today run on SaaS. This poses an
Malware leaps from the darkness to envelop our lives in a cloak of stolen information, lost data and worse. But to know your enemy is to defeat your enemy. So we peered over the ledge leading to the dark web and leapt. The forces we sought are disruptors: without warning, they disturb our businesses and our connections to family and friends. And darkness we found. From million-dollar ransoms to supply chain attacks, these malware variants were The 6 Nastiest Malware of 2021.

How malware disrupted our lives

These days, every major ransomware campaign runs a "double extortion" method, a scary prospect for small businesses. They steal and lock files away, and they will absolutely leak data in the most damaging way if a ransom settlement is not reached. Phishing continues to be key for these campaigns, and it is typically the first step in compromising a business with the nastiest malware. This highlights the importance of user education: training users not to click phishing lures, and preventing them from enabling macros in attachments, are proven ways to stop malware in its tracks. While the list below may sort payloads into different categories of malware, note that many of these groups contract work from others. This allows each group to specialize in its respective payload and perfect it.
This year's wicked winners

Lemonduck
- A persistent botnet with a cryptomining payload and more
- Infects via emails, brute force, exploits and more
- Removes competing malware, ensuring it is the only infection

REvil
- The nastiest ransomware of 2021, which made headlines with supply chain attacks
- Many attempts to shut down the REvil group have so far failed
- Its ransomware-as-a-service (RaaS) platform is on offer to other cybercriminals

Trickbot
- Decade-old banking and info-stealing Trojan and backdoor
- Disables protections, spreads laterally and eventually leads to ransomware like Conti
- Extremely resilient, surviving numerous takedown attempts over the years

Dridex
- Banking and info-stealing Trojan and backdoor
- Spreads laterally and listens for domain credentials
- Eventually leads to ransomware like Grief/BitPaymer/DoppelPaymer

Conti
- Longstanding ransomware group, the successor to Ryuk from the same crew, and likely linked to LockFile ransomware
- TrickBot's favorite ransomware
- Will leak or auction off data if victims don't pay the ransom

Cobalt Strike
- Commercial penetration-testing tool built for red teams, repurposed by attackers
- Very powerful features like process injection, privilege escalation and credential harvesting
- Its customizability and scalability are just too GOOD not to be abused by BAD actors

Victimized by malware

The good news (I guess) is that last year's average ransom payment peaked at $200,000, and today's average is just below $150,000. The bad news is that attackers are spreading the love and targeting businesses of all sizes. In fact, most victims are small businesses that end up paying around $50,000. Ransomware actors are getting better at their tactics, recruiting talent and providing a streamlined user experience. The whole process is terrifyingly simple, and for every operation that gets shut down, two spring up to replace it. To top it off, supply chain attacks are becoming a massive issue.
Protect yourself and your business

The key to staying safe is a layered approach to cybersecurity backed up by a cyber resilience strategy. Here are tips from our experts.

Strategies for business continuity
- Lock down Remote Desktop Protocol (RDP)
- Educate end users
- Install reputable cybersecurity software
- Set up a strong backup and disaster recovery plan

Strategies for individuals
- Develop a healthy dose of suspicion toward messages
- Protect devices with antivirus and data with a VPN
- Keep your antivirus software and other apps up to date
- Use a secure cloud backup
- Create strong, unique passwords (and don't reuse them across accounts)
- If a download asks to enable macros, DON'T DO IT

Discover more about 2021's Nastiest Malware on the Webroot Community. The post The 6 Nastiest Malware of 2021 appeared first on Webroot Blog.
The Rise of Ransomware

Ransomware attacks dominate news coverage of the cybersecurity industry. And it's no wonder: with million-dollar payouts, infrastructure attacks and international manhunts, ransomware makes for exciting headlines. But its recent domination of the airwaves has been a long time coming. "The first types of ransomware have existed for quite some time, going all the way back to the early 2000's," says Grayson Milbourne, security intelligence director at Carbonite + Webroot. Going through the history of ransomware, Grayson notes that it started as small-time swindles "with the goal of getting you to pay 50 bucks."

Evolving Threats

The ransomware we see today has evolved over the last 20 years to become the monster seen in news headlines. Instead of petty crooks, we now see criminal gangs that combine ransomware with worm-like capabilities and a double extortion method. In other words, "ransomware isn't just a targeted model that you have to click on to fall for. Anybody can be attacked and breached," explains Tyler Moffitt, senior threat analyst at Carbonite + Webroot.

The New Standard of Ransomware

Hackers not only steal and lock files away, they also leak data in the most damaging way if a ransom settlement is not reached. And the new brand of ransomware spreads through networks and across businesses, so you might fall victim even though it was your colleague or business partner who clicked on the wrong link. These new methods helped skyrocket the average ransom payment to almost $150,000. Even worse, most ransom payments end up being around $50,000. The high average payment is buoyed by a few million-dollar ransoms, but most victims are small and medium businesses.

Fighting Back

Luckily, the news isn't all bad. Yes, ransomware has had years to evolve into the juggernaut it is today. But analysts, security experts and threat researchers have also had time to craft new tools to keep people and businesses safe. "It's so much better modernizing your infrastructure up front in the appropriate defense in depth," says Jon Murchison, CEO of Blackpoint Cyber. For Murchison, security efforts cannot wait until an attack happens; they need to be adopted in advance. But the right tools, Murchison says, "will save you from a bad day or an existential day to your business." Check out episode 2 to learn more about how ransomware has evolved and how you can protect yourself in the face of these new threats. Then stay tuned for Carbonite + Webroot's episode 3 in our series on ransomware. The post Ransomware Series: Video 2 appeared first on Webroot Blog.