You mean with help from Micro$lopes Update servers? I have closed the door
-
Here's another security bulletin: If you point a loaded gun at your head and pull the trigger, you're going to die.
They should just issue one security bulletin that says, "News Flash: There is no such thing as a secure computer" and be done with it.
Last edited: Mar 6, 2020
Fire Tiger, jclausius, jc_denton and 1 other person like this. -
The only way to do it without messing up your system is to do an INF installation using the "Have Disk" method manually for only the PCIe ports with a compatible Samsung consumer NVMe drive installed. -
Microsoft: 99.9% of compromised accounts did not use multi-factor authentication
"In most cases, the account hacks happen after rather simplistic attacks. The primary sources of most hacks of Microsoft accounts was password spraying, a technique during which an attacker picks a common and easy-to-guess password, and goes through a long list of usernames until they get a hit and can access an account using said password".
Brazilian security firm leaks more than 25 GB of client and staff data
A home and business security business with several subsidiaries has exposed hundreds of thousands of client and employee files, an investigation by ZDNet in partnership with The Hack has found.
Virgin Media exposes data of 900,000 users via unprotected marketing database
UK telephone, television, and internet provider Virgin Media discloses data leak.
Backdoor malware is being spread through fake security certificate alerts
Victims of this new technique are invited to install a malicious "security certificate update" when they visit compromised websites.
Vulnerability (CVE-2020-9054) also in Zyxel firewall
Published on March 6, 2020 by Günter Born
Last edited: Mar 6, 2020 -
New AMD Side Channel Attacks Discovered, Impacts Zen Architecture tomshardware.com | Mar 7, 2020
A new paper released by the Graz University of Technology details two new attacks, Collide+Probe and Load+Reload, that can leak secret data from AMD processors by manipulating the L1D cache predictor. The researchers claim that the vulnerability impacts all AMD processors from 2011 to 2019, meaning that the Zen microarchitecture is also impacted. (PDF) -
-
Nothing that connects to the internet is secure. The only products that do not have vulnerabilities are those that the hackers are not paying attention to. Anyone that thinks anything is secure is just living in denial. The reason Intel CPUs have more *known* (key word) vulnerabilities is that it is where all of the focus on discovering them has been concentrated.
Remember how Linux and crApple fanboys used to chirp about how "secure" their crap was? I know I do. It was only because those operating systems were not popular enough for hackers to burn any calories on them. The more popular they become, the more their weaknesses are revealed.
So, the only thing that has changed is AMD has joined the rest of us in the 21st Century. Welcome to the big time, Team Red. I'm not casting any stones their way. It is what it is. Que sera sera.
Last edited: Mar 6, 2020 -
If you're running version 6.0 of Android or earlier you're vulnerable to malware, says consumer watchdog.
More than one billion Android devices around the world are no longer supported by security updates, leaving them potentially vulnerable to attack.
-
AMD processors from 2011 to 2019 vulnerable to two new attacks | ZDNet
By Catalin Cimpanu for Zero Day | March 7, 2020
Last edited: Mar 9, 2020
Papusan likes this. -
Intel CPUs vulnerable to new LVI attacks zdnet.com | Today 10th Mar 2020
Researchers say Intel processors will need another round of silicon chip re-designs to protect against new attack.
ONLY INTEL CPUS CONFIRMED TO BE AFFECTED -- FOR NOW
Currently, only Intel CPUs have been confirmed to be impacted by the new LVI attacks in real-world tests. However, researchers don't rule out that CPUs from AMD and ARM could also be affected.
"In principle, any processor that is vulnerable to Meltdown-type data leakage would also be vulnerable to LVI-style data injection," researchers wrote on a website dedicated to the LVI attacks.
"Some non-Intel processors have been shown to be affected by some variants of Meltdown and Foreshadow," they added.
"We maintain an up-to-date overview on the website Transient.fail website. Select Meltdown + vendor ARM or AMD."
Researchers suggest that the Meltdown variations listed on the website, of which there are few, could be used for theoretical injection points for an LVI attack on other vendors' CPUs; although they have not verified any such claims in practice, so far.
Fire Tiger and jc_denton like this. -
"Details about new SMB wormable bug leak in Microsoft Patch Tuesday snafu"
- SMB vulnerability is currently not patched, but now everyone knows it's there.
- Details about a new "wormable" vulnerability in the Microsoft Server Message Block (SMB) protocol have accidentally leaked online today during the preamble to Microsoft's regular Patch Tuesday update cycle.
- No technical details have been published, but short summaries describing the bug have been posted on the websites of two cyber-security firms
- it's unclear when it will be patched.
- Fortinet only lists Windows 10 v1903, Windows 10 v1909, Windows Server v1903, and Windows Server v1909 as impacted by the new CVE-2020-0796 bug.
https://www.zdnet.com/article/detai...le-bug-leak-in-microsoft-patch-tuesday-snafu/
For those who wonder, SMB is the protocol used for Windows file sharing over a network.
Papusan likes this. -
Microsoft have now pushed out patch for SMBv3 wormable bug that leaked earlier this week.
The vulnerability, dubbed SMBGhost or EternalDarkness, only impacts devices running Windows 10, version 1903 and 1909, and Windows Server Server Core installations, versions 1903 and 1909.
Yeah, new or latest and greatest is always better @Mr. Fox +++
Manual download of the patch can be found here... http://forum.notebookreview.com/threads/windows-10-1903.827243/page-44#post-10996190
------------------------------------------------
SECURITY
DDR4 Memory Still At Rowhammer Risk, New Method Bypasses Fixes bleepingcomputer.com | Today
Academic researchers testing modern memory modules from Samsung, Micron, and Hynix discovered that current protections against Rowhammer attacks are insufficient...
Last edited: Mar 12, 2020 -
"Microsoft and partners across 35 countries took coordinated legal and technical steps to disrupt one of the world’s most prolific botnets, called Necurs"
"the result of eight years of tracking and planning"
Good, but 8 years of known & unhindered activity ?? And the criminals seemingly not identified. Shows the real state of security of the internet.
https://blogs.microsoft.com/on-the-issues/2020/03/10/necurs-botnet-cyber-crime-disrupt/ -
-
Widespread reports of problems with the second March Win10 cumulative update, KB 4551762, the SMBv3 patch
Posted on March 14th, 2020 at 08:38 Askwoody.com
I was afraid this would happen. When Microsoft releases two security patches back-to-back, it’s rare that the second patch goes in without problems.
I’m seeing lots of reports with problems with Thursday’s post-Patch-Tuesday cumulative update, KB 4551762.
Günter Born kicked off the discussion on Borncity with Windows 10: KB4551762 causes errors 0x800f0988 and 0x800f0900.
Mayank Parmar at Windows Latest has more complaint reports — and they’re extensive:
jclausius likes this. -
I have a feeling this is what happens when the original authors / coders / programmers are no longer around to explain how a particular piece of software works. The new age, younger programmer a) doesn't understand, and b) not as skilled as those of us with a lot of gray hair and more than a handful of Jolt sodas / 24-hour coding sessions under our belts (experience goes a LOOONNGGG way).
Ashtrix, Spartan@HIDevolution, Mr. Fox and 3 others like this. -
Samsung has released new Samsung SSD Magician 6.1.0 March 17th, 2020
But as usual... There is a daily limit on the number of the updated software
But you'll get it at Techpowerup.com...
Samsung Magician SSD Software 6.1.0
6.1.0 (March 17th, 2020)
- Completely new GUI to provide a wide range of information more friendly and intuitively.
- PSID Revert – easy to initialize the drive without visiting the service center.
- Diagnostic Scan to identify the detailed state of the drive.
- Help function to solve user's curiosity and increase convenience.
- And many other improvements...
jclausius likes this. -
Spartan@HIDevolution Company Representative
-
https://www.samsung.com/semiconductor/global.semi.static/Samsung_Magician_6_0_0_Installation Guide_v1.1.pdf
Software-update: Samsung Magician 6.1.0 - Computer... -
Spartan@HIDevolution Company Representative
-
And only Samsung know what they put into "many other improvements" for their latest release. Not the first time they have to fix own flawed software.
CERT/CC warns for security issue with Samsung Magician SSD ... -
Spartan@HIDevolution Company Representative
jclausius likes this. -
-
Microsoft Warns of Zero-Day Remote Code Execution Bugs Being Exploited in the Wild Wccftech.com | Today
Microsoft has warned attackers are actively exploiting an unpatched Windows zero-day vulnerability on fully updated devices. The vulnerability impacts devices running Windows 7, 8.1, and Windows 10. "Microsoft has become aware of limited targeted Windows 7 based attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library," the company said in an advisory.
The workarounds include disabling the Preview Pane and Details Pane in Windows Explorer and the WebClient service, among others. IT administrators are recommended to check out this advisory for workarounds. -
HP Support Assistant, marketed by HP as a "free self-help tool," is pre-installed on new HP desktops and notebooks, and it is designed to deliver automated support, updates, and fixes to HP PCs and printers.
"Improve the performance and reliability of your PCs and printers with automatic firmware and driver updates," HP says. "You can configure your options to install updates automatically or to notify you when updates are available."
Improve the performance? What? And for what reason? No computers will get improved performance from so-called optimization software. It's scam, as all other similar paid or free tools you find on the web.
SECURITY
Windows PCs Exposed to Attacks by Critical HP Support Assistant Bugs bleepingcomputer.com | Today
Several critical HP Support Assistant vulnerabilities expose Windows computers to remote code execution attacks and could allow attackers to elevate their privileges or to delete arbitrary files following successful exploitation.
"It is important to note that because HP has not patched three local privilege escalation vulnerabilities, even if you have the latest version of the software, you are still vulnerable unless you completely remove the agent from your machine," Demirkapi explained in his detailed technical description.
This is not the first time Demirkapi found critical vulnerabilities within software that comes pre-installed on major vendors' computers, including Lenovo and Dell. -
Apple and Google join forces to spy on Android and iPhone users for Coronavirus purposes betanews.com | April 10, 2020
We are in the midst of a worldwide pandemic, so Americans should allow their rights to be trampled if it means beating the virus, right? Hell no! Not at all. Look, everyone wants to see the COVID-19 virus eradicated, but we shouldn't allow the tragedy to be amplified by allowing governments and corporations to take away our rights.
Sadly, Google and Apple are teaming up to do just that. You see, as a way to help governments, the two companies are planning to spy on smartphone users to help fight the Coronavirus. It will first be done with an optional app, but later integrated into both Android and iOS. Essentially, Bluetooth will be leveraged in tracking those infected with COVID-19 and warning those that come near them. While it sounds good on the surface, you are not wrong to be very worried.
Let's not forget, there is the possibility of hackers stealing collected data and either leaking or selling it to others. Law enforcement may even subpoena the data to convict those that opt in! Imagine ending up in jail because you thought you were helping fight disease.
And no, this isn't something that can be ignored because it is opt-in. Since it will ultimately be integrated into the operating systems, there is always the possibility of a bug "accidentally" causing users to become opted in. Yes, that really can happen. Google and Apple can talk about privacy until they are blue in the face, but no security is infallible.
Salad Bar Riot and Mr. Fox like this. -
"Windows Defender broken by recent updates, how to fix"
- When performing a full antivirus scan using Windows Defender, a recent definition update or Windows update is causing the program to crash in the middle of a scan.
- In BleepingComputer's tests, a Quick Scan will run fine and finish without any errors. When performing a Full Scan, though, it will ultimately hang at a certain number of files scanned.
- This problem is caused by the Windows Defender Antivirus Service service crashing, which will lead to a cascading series of errors displayed in event viewer and Windows Security.
- Microsoft has just released new Antivirus/Antispyware definition whose version is 1.313.1687.0 that fixes the issue.
https://www.bleepingcomputer.com/ne...defender-broken-by-recent-updates-how-to-fix/
Sigh... Well, let's hope the fix doesn't break something else, which has been par for the course for Microsoft lately. -
Windows 10 update weakened Google Chrome's security bleepingcomputer.com
A Windows 10 kernel bug made it possible to escape Google Chrome's sandbox, a security researcher with Google Project Zero found. The vulnerability was introduced with version 1903 of the operating system on May 21, 2019.
"Changing the behavior of Windows is out of the control of the Chromium development team. If a bug is found in the security enforcement mechanisms of Windows then the sandbox can break."
Small OS changes can lead to major issues
"I hope this gives an insight into how such a small change in the Windows kernel can have a disproportionate impact on the security of a sandbox environment," the researcher said.
"It also demonstrates the value of exploit mitigations around sandbox behaviors. At numerous points, the easy path to exploitation was shut down due to the mitigations."
"It’d be interesting to read the post-mortem on how the vulnerability was introduced. I find it likely that someone was updating the code and thought that this was a mistake and so 'fixed' it.
Perhaps there was no comment indicating its purpose, or just the security critical nature of the single line was lost in the mists of time. Whatever the case it should now be fixed, which indicates it wasn’t an intentional change." -
Zero-day vulnerabilities in iOS Mail are being actively exploited to target high-profile users betanews.com | Today
Security firm ZecOps has published research about security vulnerabilities affecting iPhones and iPads. The critical flaws are yet to be patched by Apple and are said to be actively used to target high-profile users such as journalists, employees of Fortune 500 companies and VIPs.
What's particularly worrying about the flaws is that they can be exploited by sending a message that appears to be blank. Opened in iOS Mail, the message can be used to run code and spy on activity without the need for any interaction from the victim. There is a suggestion that a nation-state could be involved.
jclausius likes this. -
Microsoft Surface: Security concerns responsible for the lack of Thunderbolt & upgradable RAM (allegedly) notebookcheck.net
The lack of Thunderbolt 3 on Microsoft's Surface Laptops has been a problem for years. Such expensive products are just expected to support this standard. Now a video surfaced where an alleged Microsoft spokesperson names the reason for the lack of Thunderbolt 3 as well as upgradable RAM: Security.
Take it as a pinch of salt. But it's a nice video showing how disgusting today's tech has become.
Soldered ram is the future bruh, due security, LOOL
https://twitter.com/i/status/1253917701719769088 -
-
Unfixable Flaw Found in Thunderbolt Port that Unlocks any PC in Less Than 5 Minutes techpowerup.com | April 11, 2020
Before we get started, we should first let you know that while this security exploit is serious, it requires actual physical access to a device to execute. However, with that access comes unprecedented control over a device, once connected to a free Thunderbolt port. In fact, a hacker could theoretically access all data on a computer in under 5 minutes. On top of that, this data can be accessed even if the PC is locked, password protected, and has SSD/HDD encryption turned on... yikes.
Dutch researcher from the Eindhoven University of Technology has found a new vulnerability in Thunderbolt port that allows attackers with physical access to unlock any PC running Windows or Linux kernel-based OS in less than 5 minutes. The researcher of the university called Björn Ruytenberg found a method which he calls Thunderspy, which can bypass the login screen of any PC. This attack requires physical access to the device, which is, of course, dangerous on its own if left with a person of knowledge. The Thunderbolt port is a fast protocol, and part of the reason why it is so fast is that it partially allows direct access to computer memory. And anything that can access memory directly is a potential vulnerability.
The Thunderspy attack relies on just that. There is a feature built into the Thunderbolt firmware called "Security Level", which disallows access to untrusted devices or even turns off Thunderbolt port altogether. This feature would make the port be a simple USB or display output. However, the researcher has found a way to alter the firmware setting of Thunderbolt control chip in a way so it allows any device to access the PC. This procedure is done without any trace and OS can not detect that there was a change. From there, the magic happens. Using an SPI (Serial Peripheral Interface) programmer with a SOP8 clip that connects the pins of the programmer device to the controller, the attacker just runs a script from there. This procedure requires around $400 worth of hardware. Intel already put some protection last year for the Thunderbolt port called Kernel Direct Memory Access Protection, but that feature isn't implemented on PCs manufactured before 2019. And even starting from 2019, not all PC manufacturers implement the feature, so there is a wide group of devices vulnerable to this unfixable attack.
Thunderspy Thunderbolt Security Exploit Can Steal Your Data In Minutes, Millions Of PCs Vulnerable Hothardware.com | Today
Ruytenberg claims that Kernel DMA Protection doesn't provide full mitigation from attacks, and it cannot be fully patched with software. Also, he didn't find any Dell systems with full Kernel DMA Protection support, and only a handful of Lenovo and HP systems built in 2019 or later were found to be protected.
The only way to fully prevent Thunderspy attacks is to disable your Thunderbolt ports from within BIOS according to the researcher. However, to see if your current Thunderbolt-equipped system is affected, you can use Ruytenberg's Spycheck utility for Windows or Linux.
As I have stated before... No computer is or will be 100% secure. It's in their nature. Bash Intel processors for its recently discovered vulnerability issues etc and jump over on the Red side won't change these facts.
Update 5/11/2020 3:13 PM ET: Intel has confirmed that the attack doesn’t work on computers that do have Kernel DMA protection enabled. “This attack could not be successfully demonstrated on systems with Kernel DMA protection enabled. As always, we encourage everyone to follow good security practices, including preventing unauthorized physical access to computers,” a spokesperson told Engadget in a statement. In addition, Intel has released a blog post giving its own perspective on the issue.
Last edited: May 11, 2020
jclausius likes this. -
"Bluetooth flaw allows impersonation of trusted devices"
- A flaw in a Bluetooth protocol is leaving millions of devices vulnerable to attacks, according to a study released by a Swiss research institute.
- The vulnerability, called Bluetooth Impersonation AttackS (BIAS), allows an intrusion by an attacker posing as a previously trusted Bluetooth device.
- More than 28 Bluetooth chips on nearly three dozen devices were found to be vulnerable. They include chips by Apple, Cypress, Qualcomm, Intel, Samsung and CSR.
- The Bluetooth Special Interest Group (SIG) that oversees Bluetooth protocols says it will be updating the Bluetooth Core Specification covering mutual authentication rules and tightening security protocols.
https://techxplore.com/news/2020-05-bluetooth-flaw-impersonation-devices.html
First Thunderbolt, now Bluetooth. Device connectivity comes with its set of issues.
Papusan likes this. -
"New CrossTalk attack impacts Intel's mobile, desktop, and server CPUs"
- Academics from a university in the Netherlands have published details today about a new vulnerability in Intel processors.
- The security bug... enables attacker-controlled code executing on one CPU core to leak sensitive data from other software running on a different core.
https://www.zdnet.com/article/new-crosstalk-attack-impacts-intels-mobile-desktop-and-server-cpus/
Well, if it's not one thing, it's always another!
Papusan likes this. -
Arm CPUs Impacted by Straight-Line Speculation (SLS) Vulnerability techpowerup.com | Yesterday, 09:21
When Spectre and Meltdown were discovered, the whole industry got on its legs and started to question CPU security more seriously. There are a plethora of attacks that exploit the CPU function called branch prediction, which predicts paths of code execution so it can ready them and execute them faster. This approach is one part of the microarchitectural techniques used to add performance to the CPU design. However, nothing comes without a cost. Despite adding more performance, the branch prediction had taken a toll on the security of CPUs, making them vulnerable to side-channel attacks. Spectre and Meltdown were both discovered in 2018 and they impact millions of CPUs around the world.
Today, a new side-channel vulnerability was discovered, and on Arm CPUs. Called the Straight-Line Speculation (SLS), the speculation bug is haunting all of Arm Armv-A based processors. This represents a wide range of devices being powered by these CPUs, so Arm is taking action to prevent it. The way SLS works is that whenever there is a change in instruction flow, the CPU just starts processing instructions found linearly in memory, instead of changing the path of flow. This action is resulting in a new SLS vulnerability marked as CVE-2020-13844. The vulnerability was discovered by Google SafeSide project last year and they have reported it to Arm. In the meantime, Arm was working on a fix and they already sent them upstream to important operating systems and firmware suppliers so it can be resolved. Arm says that the chances of this attack are low, however, they can not be dismissed.
jclausius likes this. -
"UPnP vulnerability lets attackers steal data, scan internal networks"
- A vulnerability (CVE-2020-12695) in Universal Plug and Play (UPnP), which is implemented in billions of networked and IoT devices – personal computers, printers, mobile devices, routers, gaming consoles, Wi-Fi access points, and so on – may allow unauthenticated, remote attackers to exfiltrate data, scan internal networks or make the devices participate in DDoS attacks.
- ... in short, the vulnerability can be used to bypass DLP and network security devices to exfiltrate data, scan internal ports, and force millions of Internet-facing UPnP devices to become a source of amplified reflected TCP DDoS.
https://www.helpnetsecurity.com/2020/06/09/cve-2020-12695/
Plug and Pray??
Papusan likes this. -
New SMM Callout Privilege Escalation Vulnerability Affects AMD Platforms techpowerup.com | June 18, 2020
AMD on Wednesday disclosed a new security vulnerability affecting certain client- and APU processors launched between 2016 and 2019. Called the SMM Callout Privilege Escalation Vulnerability, discovered by Danny Odler, and chronicled under CVE-2020-12890, the vulnerability involves an attacker with elevated system privileges to manipulate the AGESA microcode encapsulated in the platform's UEFI firmware to execute arbitrary code undetected by the operating system. AMD plans to release AGESA updates that mitigate the vulnerability (at no apparent performance impact), to motherboard vendors and OEMs by the end of June 2020. Some of the latest platforms are already immune to the vulnerability.
jclausius likes this. -
Unpatched vulnerability identified in 79 Netgear router models zdnet.com | June 18, 2020
Bug lets attackers run code as "root" on vulnerable routers. Impacted routers go back to 2007
A whopping 79 Netgear router models are vulnerable to a severe security flaw that can let hackers take over devices remotely.
The vulnerability has been discovered by two security researchers independently, namely Adam Nichols from cyber-security GRIMM and a security researcher going by the nickname of d4rkn3ss, working for Vietnamese internet service provider VNPT.
According to Nichols, the vulnerability impacts 758 different firmware versions that have been used on 79 Netgear routers across the years, with some firmware versions being first deployed on devices released as far back as 2007.
jclausius likes this. -
-
DATA PROTECTION
Is Microsoft Edge filching Firefox, Chrome users' data? Here's what Microsoft says
Microsoft Edge earned a negative spotlight this weekend thanks to how it handles importing browser data.
https://www.windowscentral.com/micr...x-chrome-users-data-heres-what-microsoft-says
Microsoft Edge was a hot topic over the weekend as a result of a Reddit post alleging the browser imports browser data from Chrome and Firefox without permission. The text of the original post has since been deleted, but many comments echo the same sentiment, alleging that Microsoft Edge gathers data from Chrome and Firefox without permission. -
Microsoft Releases Urgent Windows Update to Patch Two Critical Flaws
https://thehackernews.com/2020/07/windows-security-update.html
-
Biden, billionaires and corporate accounts targeted in #Twitter #hack
Mass hacking ... Amazon, Apple, Uber and other celebrities ... Twitter and Bitcoin are in trouble.
The high-profile accounts posted about bitcoin deals in a major security breach
https://www.washingtonpost.com/technology/2020/07/15/musk-gates-twitter-hack/
https://www.linkedin.com/feed/update/urn:li:activity:6689543688873394176/
#hacking #securitybreach #bitcoin #ddos #socialengineering #securitybreaches #hacke
Last edited: Jul 17, 2020 -
"Microsoft warns of critical Windows DNS Server vulnerability that’s ‘wormable’"
- System admins need to patch servers as quickly as possible
- Such a flaw could allow attackers to create special malware that remotely executes code on Windows servers and creates malicious DNS queries that could even eventually lead to a company’s infrastructure being breached.
- Windows 10 and other client versions of Windows are not affected by the flaw, as it only affects Microsoft’s Windows DNS Server implementation
https://www.theverge.com/2020/7/14/...er-security-vulnerability-patch-critical-flaw
17 yr old security hole? How far back will MS go to create patches on old Windows Server operating systems?
Dr. AMK likes this. -
Twitter Details Its Massive Security Hack, What Happened And Corrective Actions Hothardware.com | Jul 18, 2020
Following a massive data breach earlier this week, Twitter now finds itself in the precarious position of balancing transparency with security. That's to say, Twitter has divulged some additional details about what happened and what steps it is taking in the aftermath, but is also keeping certain information close to... Read more...
Twitter is also aware that it is now in a position of "rebuilding trust". Yeah, until the next Hack. -
SECURITY, HARDWARE, TECHNOLOGY
D-Link blunder: Firmware encryption key exposed in unencrypted image bleepingcomputer.com
The router manufacturer leaks encryption keys in some firmware versions letting reverse engineers decrypt the latest firmware images.
“More and more device manufacturers are moving toward encrypting firmware, however, most are starting from unencrypted firmware images. This usually means there must be an unencrypted firmware image with the password or key stored inside of it. If you can find the last unencrypted image, you can generally find the password and thus decrypt any subsequent encrypted images,” Starke further told BleepingComputer. -
Warning: Vulnerability in QNAP NAS under attack, 62,000 infections borncity.com 2020-08-01
Dr. AMK likes this. -
Intel is flooded with problems. Can't even protect own intellectual property.
SECURITY
Intel leak: 20GB of source code, internal docs from alleged breach bleepingcomputer.com | Today
Classified and confidential documents from U.S. chipmaker Intel, apparently resulting from a breach, have been uploaded earlier today to a public file sharing service.
------------------------------------------------------------------------------
And the usual from Microsoft. Nothing in between. Buggy patches.
SECURITY
Unpatched bug in Windows print spooler lets malware run as admin bleepingcomputer.com | Today
Researchers found a way to bypass a patch Microsoft released to address a bug in the Windows printing services, which gives attackers a path to executing malicious code with elevated privileges.
-------------------------------------------------------------------
Apple ain't much better. Apple security is rolling downwards the hill!
Apple and holey security: iCloud, iPhone and Mac
Posted on August 6, 2020 by Günter Born
Last edited: Aug 6, 2020
moral hazard, Ashtrix, jclausius and 2 others like this. -
"Confirmed: Garmin received decryptor for WastedLocker ransomware"
- ...can confirm that Garmin has received the decryption key to recover their files encrypted in the WastedLocker Ransomware attack.
- On July 23rd, 2020, Garmin suffered a worldwide outage where customers could not access their connected services, including the Garmin Connect, flyGarmin, Strava, inReach solutions.
- Employees later shared with BleepingComputer that the ransom demand was $10 million.
Wow! So crime *does* pay?
https://www.bleepingcomputer.com/ne...ceived-decryptor-for-wastedlocker-ransomware/ -
TeamViewer Flaw Could Let Hackers Steal System Password Remotely
If you are using TeamViewer, then beware and make sure you're running the latest version of the popular remote desktop connection software for Windows. TeamViewer team recently released a new version of its software that includes a patch for a severe vulnerability (CVE 2020-13699), which, if ...
-
Vulnerabilities in Qualcomm Snapdragon's DSP May Render 1 Billion Android Phones Vulnerable to Hacking techpowerup.com | Yesterday, 20:30
Vulnerabilities in Qualcomm's DSP (Digital Signal Processor) present in the company's Snapdragon SoCs may render more than a billion Android phones susceptible to hacking. According to research reported this week by security firm Check Point, they've found more than 400 vulnerabilities in Snapdragon's DSP, which may allow attackers to monitor locations, listen to nearby audio in real time, and exfiltrate locally-stored photos and videos - besides being able to render the phone completely unresponsive.
The vulnerabilities (CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209) can be exploited simply via a video download or any other content that's rendered by the chip that passes through its DSP. Targets can also be attacked by installing malicious apps that require no permissions at all. Qualcomm has already tackled the issue by stating they have worked to validate the issue, and have already issued mitigations to OEMs, which should be made available via software updates in the future. In the meantime, the company has said they have no evidence any of these flaws is being currently exploited, and advise all Snapdragon platform users to only install apps via trusted locations such as the Play Store.
All about Security, News, Events and Incidents
Discussion in 'Security and Anti-Virus Software' started by Dr. AMK, Apr 26, 2018.