Client-Side Scanning Is An Insecure Nightmare Just Waiting To Be Exploited By Governments or companies. Apple basically installing spyware under a nice name.

In August, Apple declared that combating the spread of CSAM (child sexual abuse material) was more important than protecting millions of users who’ve never used their devices to store or share illegal material. While encryption would still protect users’ data and communications (in transit and at rest), Apple had given itself permission to inspect data Read more about Client-Side Scanning Is An Insecure Nightmare Just Waiting To Be Exploited By Governments or companies. Apple basically installing spyware under a nice name.[…]

Bombshell Report Finds Phone Network Encryption Was Deliberately Weakened

It was a closed source backdoored system. This goes to show that weakening encryption for political reasons and trusting software that can’t be audited independently is a Bad Idea ™ A weakness in the algorithm used to encrypt cellphone data in the 1990s and 2000s allowed hackers to spy on some internet traffic, according to Read more about Bombshell Report Finds Phone Network Encryption Was Deliberately Weakened[…]

Google, Facebook, Chaos Computer Club join forces to oppose German state spyware

Plans by the German government to allow the police to deploy malware on any target’s devices, and force the tech world to help them, has run into some opposition, funnily enough. In an open letter this month, the Chaos Computer Club – along with Google, Facebook, and others – said they are against proposals to Read more about Google, Facebook, Chaos Computer Club join forces to oppose German state spyware[…]

China behind another hack as U.S. cybersecurity issues mount

China is behind a newly discovered series of hacks against key targets in the U.S. government, private companies and the country’s critical infrastructure, cybersecurity firm Mandiant said Wednesday. The hack works by breaking into Pulse Secure, a program that businesses often use to let workers remotely connect to their offices. The company announced Tuesday how Read more about China behind another hack as U.S. cybersecurity issues mount[…]

SolarWinds hack was done by Kremlin’s APT29 crew, say UK and US

Russia’s infamous APT 29, aka Cozy Bear, was behind the SolarWinds Orion attack, the US and UK governments said today as America slapped sanctions on Russian infosec companies as well as expelling diplomats from that country’s US embassy. One of the sanctioned companies is Positive Technologies, familiar in the West for, among other things, in-depth Read more about SolarWinds hack was done by Kremlin’s APT29 crew, say UK and US[…]

FBI deletes web shells from hundreds of compromised Microsoft Exchange servers before alerting admins

The FBI deleted web shells installed by criminals on hundreds of Microsoft Exchange servers across the United States, it was revealed on Tuesday. The Feds were given approval by the courts to carry out the deletions, which occurred without first warning the servers’ owners, following the discovery and exploitation of critical vulnerabilities in the enterprise Read more about FBI deletes web shells from hundreds of compromised Microsoft Exchange servers before alerting admins[…]

Wi-Fi slinger Ubiquiti hints at source code leak after claim of ‘catastrophic’ cloud intrusion emerges

News that Ubiquiti’s cloud servers had been breached emerged on January 11, 2021, when the company emailed customers the text found in this support forum post. That missive stated: “We recently became aware of unauthorized access to certain of our information technology systems hosted by a third-party cloud provider.” That announcement continued, “We have no Read more about Wi-Fi slinger Ubiquiti hints at source code leak after claim of ‘catastrophic’ cloud intrusion emerges[…]

The “Crazy Huge Hack” of Microsoft, Explained – it dwarfs SolarWinds

Last week, Microsoft announced that the on-premises version of its widely used email and calendaring product Exchange had several previously undisclosed security flaws. These flaws, the company said, were being used by foreign threat actors to hack into the networks of U.S. businesses and governments, primarily to steal large troves of email data. Since then, Read more about The “Crazy Huge Hack” of Microsoft, Explained – it dwarfs SolarWinds[…]

Supermicro hardware Hack: Yep did happen. How China Exploited a U.S. Tech Supplier Over Years

In 2010, the U.S. Department of Defense found thousands of its computer servers sending military network data to China—the result of code hidden in chips that handled the machines’ startup process. In 2014, Intel Corp. discovered that an elite Chinese hacking group breached its network through a single server that downloaded malware from a supplier’s Read more about Supermicro hardware Hack: Yep did happen. How China Exploited a U.S. Tech Supplier Over Years[…]

FireEye publishes details of SolarWinds hacking techniques, gives out free tool to detect signs of intrusion

n an update and white paper [PDF] released on Tuesday, FireEye warned that the hackers – which intelligence services and computer security outfits have concluded were state-sponsored Russians – had specifically targeted two groups of people: those with access to high-level information, and sysadmins. But the targeting of those accounts will be difficult to detect, Read more about FireEye publishes details of SolarWinds hacking techniques, gives out free tool to detect signs of intrusion[…]

Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments

While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor. We can confirm the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments. After an extensive investigation, we determined the attacker only gained access to Read more about Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments[…]

Vietnam targeted in complex supply chain attack through CA

A group of mysterious hackers has carried out a clever supply chain attack against Vietnamese private companies and government agencies by inserting malware inside an official government software toolkit. The attack, discovered by security firm ESET and detailed in a report named “Operation SignSight,” targeted the Vietnam Government Certification Authority (VGCA), the government organization that Read more about Vietnam targeted in complex supply chain attack through CA[…]

SolarWinds’ shares drop 22 per cent. But what’s this? $286m in stock sales just before hack announced?

Two Silicon Valley VC firms, Silver Lake and Thoma Bravo, sold hundreds of millions of dollars in SolarWinds shares just days before the software biz emerged at the center of a massive hacking campaign. Silver Lake and Thoma Bravo deny anything untoward. The two firms owned 70 per cent of SolarWinds, which produces networking monitoring Read more about SolarWinds’ shares drop 22 per cent. But what’s this? $286m in stock sales just before hack announced?[…]

Microsoft warns against SMS, voice calls for multi-factor authentication: Try something that can’t be SIM swapped

In a blog post, Alex Weinert, director of identity security at Microsoft, says people should definitely use MFA. He claims that accounts using any type of MFA get compromised at a rate that’s less than 0.1 per cent of the general population. At the same time, he argues people should avoid relying on SMS messages Read more about Microsoft warns against SMS, voice calls for multi-factor authentication: Try something that can’t be SIM swapped[…]

Your Edge Browser Installed Microsoft Office Without Asking. NO!

Edge Chromium started out as a respectable alternative to Google Chrome on Windows, but it didn’t take long for Microsoft to turn it into a nuisance. To top it off, it looks like Edge is now a vector for installing (even more) Microsoft stuff on your PC—without you asking for it, of course. We don’t Read more about Your Edge Browser Installed Microsoft Office Without Asking. NO![…]

European Police Malware Could Harvest GPS, Messages, Passwords, More from Encrochat devices

The malware that French law enforcement deployed en masse onto Encrochat devices, a large encrypted phone network using Android phones, had the capability to harvest “all data stored within the device,” and was expected to include chat messages, geolocation data, usernames, passwords, and more, according to a document obtained by Motherboard. The document adds more Read more about European Police Malware Could Harvest GPS, Messages, Passwords, More from Encrochat devices[…]

Netgear was told in January its routers can be hacked and hijacked. This week, first patches released – after exploits, details made public

Netgear has issued patches to squash security vulnerabilities in two router models that can be exploited to, for instance, open a superuser-level telnet backdoor. Those two devices are the R6400v2 and R6700v3, and you can get hot-fixes for the holes here. However, some 77 models remain reportedly vulnerable, and no fixes are available. For the Read more about Netgear was told in January its routers can be hacked and hijacked. This week, first patches released – after exploits, details made public[…]

From the crew behind the Sony Pictures hack comes Operation Interception: An aerospace cyber-attack thriller

Threat intel researchers have uncovered a phishing and malware campaign that targeted “a large European aerospace company” and which was run by the same North Koreans behind the hack of Sony Pictures. While there are quite a few European aerospace firms, Slovakian infosec biz ESET was more concerned with the phishing ‘n’ malware campaign it Read more about From the crew behind the Sony Pictures hack comes Operation Interception: An aerospace cyber-attack thriller[…]

PrintDemon vulnerability impacts all Windows versions | ZDNet

Two security researchers have published today details about a vulnerability in the Windows printing service that they say impacts all Windows versions going back to Windows NT 4, released in 1996. The vulnerability, which they codenamed PrintDemon, is located in Windows Print Spooler, the primary Windows component responsible for managing print operations. The service can Read more about PrintDemon vulnerability impacts all Windows versions | ZDNet[…]

Chinas Winnti group stayed under the radar for a decade by aiming for Linux servers

A group of hackers operating as an offshoot of China’s Winnti group managed to stay undetected for more than a decade by going open source. A report from BlackBerry outlines how the group, actually a collection of five smaller crews of hackers thought to be state-sponsored, assembled in the wake of Winnti and exploited Linux Read more about Chinas Winnti group stayed under the radar for a decade by aiming for Linux servers[…]

U.S. government limits exports of artificial intelligence software – seem to have forgotten what happened when they limited cryptographic exports in the 90s

The Trump administration will make it more difficult to export artificial intelligence software as of next week, part of a bid to keep sensitive technologies out of the hands of rival powers like China. Under a new rule that goes into effect on Monday, companies that export certain types of geospatial imagery software from the Read more about U.S. government limits exports of artificial intelligence software – seem to have forgotten what happened when they limited cryptographic exports in the 90s[…]

Chinese hacker group caught bypassing 2FA

Security researchers say they found evidence that a Chinese government-linked hacking group has been bypassing two-factor authentication (2FA) in a recent wave of attacks. The attacks have been attributed to a group the cyber-security industry is tracking as APT20, believed to operate on the behest of the Beijing government, Dutch cyber-security firm Fox-IT said in Read more about Chinese hacker group caught bypassing 2FA[…]

Sure, we made your Wi-Fi routers phone home with telemetry, says Ubiquiti. What of it?

Ubiquiti Networks is fending off customer complaints after emitting a firmware update that caused its UniFi wireless routers to quietly phone HQ with telemetry. It all kicked off when the US-based manufacturer confirmed that a software update released this month programmed the devices to establish secure connections back to Ubiquiti servers and report information on Read more about Sure, we made your Wi-Fi routers phone home with telemetry, says Ubiquiti. What of it?[…]

xHelper Android Malware Can Survive a Factory Reset

Though this somewhat-new “xHelper” malware has affected a low number of Android users so far (around 45,000, estimates Symantec), the fact that nobody has any clear advice on how to remove it is a worrisome fact. While the odds are good that you won’t get hit with this malware, given its low installation rate so Read more about xHelper Android Malware Can Survive a Factory Reset[…]