Cyber security aggregate rss news

Cyber security aggregator - feeds history

image for Norton 360 Now Comes ...

 A Little Sunshine

Norton 360, one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. Norton’s parent firm says the cloud-based service that activates the program and allows customers to profit from the scheme — in which the company   show more ...

keeps 15 percent of any currencies mined — is “opt-in,” meaning users have to agree to enable it. But many Norton users complain the mining program is difficult to remove, and reactions from longtime customers have ranged from unease and disbelief to, “Dude, where’s my crypto?” Norton 360 is owned by Tempe, Ariz.-based NortonLifeLock Inc. In 2017, the identity theft protection company LifeLock was acquired by Symantec Corp., which was renamed to NortonLifeLock in 2019 (LifeLock is now included in the Norton 360 service). According to the FAQ posted on its site, “Norton Crypto” will mine Ethereum (ETH) cryptocurrency while the customer’s computer is idle. The FAQ also says Norton Crypto will only run on systems that meet certain hardware and software requirements (such as an NVIDIA graphics card with at least 6 GB of memory). “Norton creates a secure digital Ethereum wallet for each user,” the FAQ reads. “The key to the wallet is encrypted and stored securely in the cloud. Only you have access to the wallet.” NortonLifeLock began offering the mining service in July 2021, and early news coverage of the program did not immediately receive widespread attention. That changed on Jan. 4, when Boing Boing co-editor Cory Doctorow tweeted that NortonCrypto would run by default for Norton 360 users. NortonLifeLock says Norton Crypto is an opt-in feature only and is not enabled without user permission. “If users have turned on Norton Crypto but no longer wish to use the feature, it can be disabled by temporarily shutting off ‘tamper protection’ (which allows users to modify the Norton installation) and deleting NCrypt.exe from your computer,” NortonLifeLock said in a written statement. However, many users have reported difficulty removing the mining program. From reading user posts on the Norton Crypto community forum, it seems some longtime Norton customers were horrified at the prospect of their antivirus product installing coin-mining software, regardless of whether the mining service was turned off by default. “How on Earth could anyone at Norton think that adding crypto mining within a security product would be a good thing?,” reads a Dec. 28 thread titled “Absolutely furious.” “Norton should be DETECTING and killing off crypto mining hijacking, not installing their own,” the post reads. “The product people need firing. What’s the next ‘bright idea’? Norton Botnet? ‘ And I was just about to re-install Norton 360 too, but this has literally has caused me to no longer trust Norton and their direction.” It’s an open question whether Norton Crypto users can expect to see much profit from participating in this scheme, at least in the short run. Mining cryptocurrencies basically involves using your computer’s spare resources to help validate financial transactions of other crypto users. Crypto mining causes one’s computer to draw more power, which can increase one’s overall electricity costs. “Norton is pretty much amplifying energy consumption worldwide, costing their customers more in electricity use than the customer makes on the mining, yet allowing Norton to make a ton of profit,” tweeted security researcher Chris Vickery. “It’s disgusting, gross, and brand-suicide.” Then there’s the matter of getting paid. Norton Crypto lets users withdraw their earnings to an account at cryptocurrency platform CoinBase, but as Norton Crypto’s FAQ rightly points out, there are coin mining fees as well as transaction costs to transfer Ethereum. “The coin mining fee is currently 15% of the crypto allocated to the miner,” the FAQ explains. “Transfers of cryptocurrencies may result in transaction fees (also known as “gas” fees) paid to the users of the cryptocurrency blockchain network who process the transaction. In addition, if you choose to exchange crypto for another currency, you may be required to pay fees to an exchange facilitating the transaction. Transaction fees fluctuate due to cryptocurrency market conditions and other factors. These fees are not set by Norton.” Which might explain why so many Norton Crypto users have taken to the community’s online forum to complain they were having trouble withdrawing their earnings. Those gas fees are the same regardless of the amount of crypto being moved, so the system simply blocks withdrawals if the amount requested can’t cover the transfer fees. Norton Crypto. Image: Bleeping Computer. I guess what bothers me most about Norton Crypto is that it will be introducing millions of perhaps less savvy Internet users to the world of cryptocurrency, which comes with its own set of unique security and privacy challenges that require users to “level up” their personal security practices in fairly significant ways. Several of my elder family members and closest friends are longtime Norton users who renew their subscription year after year (despite my reminding them that it’s way cheaper just to purchase it again each year as a new user). None of them are particularly interested in or experts at securing their computers and digital lives, and the thought of them opening CoinBase accounts and navigating that space is terrifying. Big Yellow is not the only brand that’s cashing in on investor fervor over cryptocurrencies and hoping to appeal to a broader (or maybe just older) audience: The venerable electronics retailer RadioShack, which relaunched in 2020 as an online-focused brand, now says it plans to chart a future as a cryptocurrency exchange. “RadioShack’s argument is basically that as a very old brand, it’s primed to sell old CEOs on cryptocurrency,” writes Adi Robertson for The Verge. “Too many [cryptocurrency companies] focused on speculation and not enough on making the ‘old-school’ customer feel comfortable,” the company’s website states, claiming that the average “decision-making” corporate CEO is 68 years old. “The older generation simply doesn’t trust the new-fangled ideas of the Bitcoin youth.”

 Trends, Reports, Analysis

Ransomware groups are constantly shifting, inheriting software from other groups while vanishing from view to avoid scrutiny from law enforcement only to resurface under other names, warns Darktrace.

 Malware and Vulnerabilities

New vulnerabilities have been discovered in FreeRTOS, the open-source operating system that runs most of the small microprocessors and microcontrollers used in many IoT hardware items.

 Malware and Vulnerabilities

The most severe is a use-after-free flaw in Storage that could enable code execution in the context of the browser. The 10 high-severity flaws include use-after-free and improper implementation bugs.

 Companies to Watch

Human Security, a collective protection platform against bot attacks and fraud, raised $100M in growth funding led by WestCap, with participation from NightDragon and other current investors.

 Trends, Reports, Analysis

SlimPay, a payment services company, has been fined ~$203,000 by the French CNIL regulatory body after it was found holding sensitive customer data on a publicly accessible server for five years.

 Expert Blogs and Opinion

Deception techniques use misleading tactics to lure attackers, from fake network environments to honeypots, to catch them operating undetected while collecting information to help dissect any attack.

 Malware and Vulnerabilities

Several ICS companies have informed customers that their products are not impacted, including Inductive Automation, VTScada, and COPA-DATA, whereas others are still investigating the flaws.

 Trends, Reports, Analysis

Experts claimed that state-backed North Korean hackers have stolen nearly $1.7 billion worth of cryptocurrency from various exchanges in the past five years. Federal prosecutors from the U.S. believe that the Government of North Korea regards cryptocurrency as a long-term investment. Crypto exchanges are suggested to use additional layers of security, such as 2FA, hardware wallets, and storing private keys offline.

 Identity Theft, Fraud, Scams

The QR codes found by Austin police department directed unsuspecting users to a fraudulent website that would ask for payment details with a false promise that their parking session would be paid for.

 Emerging Threats

Cybersecurity researchers claimed to have found over a thousand phishing toolkits that are able to hack two-factor authentication, allowing hackers to conduct sophisticated attacks on a target system. It is bizarre to admit that most of these MitM phishing toolkits in use by attackers are based on tools developed by   show more ...

researchers themselves. Vulnerable organizations can use a tool called PHOCA to identify a MitM attempt.

 Feed

Ubuntu Security Notice 5213-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

 Feed

Red Hat Security Advisory 2021-5208-05 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.25.

 Feed

Ubuntu Security Notice 5211-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages.

 Feed

Ubuntu Security Notice 5210-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. It was discovered that the Linux kernel did not properly   show more ...

enforce certain types of entries in the Secure Boot Forbidden Signature Database protection mechanism. An attacker could use this to bypass UEFI Secure Boot restrictions.

 Feed

The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c. Maxim Levitsky discovered that the   show more ...

KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host’s physical memory. Other vulnerabilities have also been addressed.

 Feed

Ubuntu Security Notice 5209-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. It was discovered that a race condition existed in the timer implementation in the Linux kernel. A privileged attacker could use this cause a denial of service.

 Feed

Red Hat Security Advisory 2022-0034-01 - Red Hat Single Sign-On 7.5 container images for IBM P/Z, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This is a security update Red Hat Single Sign-On 7.5, and includes one security fix.

 Feed

Ubuntu Security Notice 5208-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. It was discovered that a race condition existed in the overlay   show more ...

file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service.

 Feed

Ubuntu Security Notice 5207-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. It was discovered that the eBPF implementation in the Linux   show more ...

kernel contained a race condition around read-only maps. A privileged attacker could use this to modify read-only maps.

 Feed

Ubuntu Security Notice 5212-1 - It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly perform a Server Side Request Forgery attack. It was discovered that the   show more ...

Apache HTTP Server Lua module incorrectly handled memory in the multipart parser. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code.

 Feed

Ubuntu Security Notice 5206-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages.

 Feed

VMWare has shipped updates to Workstation, Fusion, and ESXi products to address an "important" security vulnerability that could be weaponized by a threat actor to take control of affected systems. The issue relates to a heap-overflow vulnerability — tracked as CVE-2021-22045 (CVSS score: 7.7) — that, if successfully exploited, results in the execution of arbitrary code. The company credited

 Feed

Google has rolled out the first round of updates to its Chrome web browser for 2022 to fix 37 security issues, one of which is rated Critical in severity and could be exploited to pass arbitrary code and gain control over a victim's system. Tracked as CVE-2022-0096, the flaw relates to a use-after-free bug in the Storage component, which could have devastating effects ranging from corruption of

 Feed

Researchers have disclosed a novel technique by which malware on iOS can achieve persistence on an infected device by faking its shutdown process, making it impossible to physically determine if an iPhone is off or otherwise. The discovery — dubbed "NoReboot" — comes courtesy of mobile security firm ZecOps, which found that it's possible to block and then simulate an iOS rebooting operation,

 Feed

When I want to know the most recently published best practices in cyber security, I visit The National Institute of Standards and Technology (NIST). From the latest password requirements (NIST 800-63) to IoT security for manufacturers (NISTIR 8259), NIST is always the starting point. NIST plays a key role as a US standard-setter, due to the organization's professionalism and the external experts

 Feed

A North Korean cyberespionage group named Konni has been linked to a series of targeted attacks aimed at the Russian Federation's Ministry of Foreign Affairs (MID) with New Year lures to compromise Windows systems with malware. "This activity cluster demonstrates the patient and persistent nature of advanced actors in waging multi-phased campaigns against perceived high-value networks,"

2022-01
Aggregator history
Thursday, January 06
SAT
SUN
MON
TUE
WED
THU
FRI
JanuaryFebruaryMarch