Problems? See this thread at archive.org.
Does anyone really believe that those hey google, alexa etc assistants espionage agents will ever be secure\private\safe?
"Hackers might have had access to your Alexa voice history"
https://www.androidauthority.com/amazon-alexa-hack-1147619/
-
Can't be better than this... Cheap - Chinaware doesn't always come for free.
Click fraud by the Chinese advertising network Mintegral in 1,200 iOS apps
Posted on August 25, 2020 by Günter Born
Security researchers have found that the Chinese advertising network Mintegral, which is included in 1,200 iOS apps, shows malicious behavior (extract data, perform click fraud). The apps with this advertising network have billions of installations. However, Apple cannot detect any harmful behavior in the SDK used, but has taken measures to prevent the user from collecting data in iOS.![[IMG]](images/storyImages/Schutz.jpg)
Malware on cheap China phones steals data and possibly money
Posted on August 25, 2020 by Günter Born
Pre-installed malware, which is repeatedly found on cheap China phones, is increasingly becoming a risk. Cases are now known where the malware has diverted not only data but also money from the accounts of the owners.
Last edited: Aug 25, 2020 -
![[IMG]](images/storyImages/170x170_QNAP-headpic.jpg)
SECURITY
Hackers are backdooring QNAP NAS devices with 3-year old RCE bug bleepingcomputer.com | Today
Hackers are scanning for vulnerable network-attached storage (NAS) devices running multiple QNAP firmware versions, trying to exploit a remote code execution (RCE) vulnerability addressed by QNAP in a previous release.
According to a report published today by researchers at Qihoo 360's Network Security Research Lab (360 Netlab), unknown threat actors are currently exploiting a remote command execution vulnerability due to a command injection weakness in QNAP NAS devices' firmware. -
![[IMG]](images/storyImages/170x170_windows-10-mesh-header.jpg)
MICROSOFT, SECURITY
Windows 10 themes can be abused to steal Windows accounts bleepingcomputer.com
Specially crafted Windows 10 themes and theme packs can be used in 'Pass-the-Hash' attacks to steal Windows account credentials from unsuspecting users.
Windows allows users to create custom themes that contain customized colors, sounds, mouse cursors, and the wallpaper that the operating system will use.
Custom themes can be used to steal Windows passwords
This weekend security researcher Jimmy Bayne (@bohops) revealed that specially crafted Windows themes could be used to perform Pass-the-Hash attacks.
Pass-the-Hash attacks are used to steal Windows login names and password hashes by tricking a user into accessing a remote SMB share that requires authentication.
When trying to access the remote resource, Windows will automatically try to login to the remote system by sending the Windows user's login name and an NTLM hash of their password.
In a Pass-the-Hash attack, the sent credentials are harvested by the attackers, who then attempt to dehash the password to access the visitors' login name and password.
Windows users can then switch between different themes as desired to change the appearance of the operating system. -
New Linux Malware Steals Call Details from VoIP Softswitch Systems
Cybersecurity researchers have discovered an entirely new kind of Linux malware dubbed "CDRThief" that targets voice over IP (VoIP) softswitches in an attempt to steal phone call metadata. "The primary goal of the malware is to exfiltrate various private data from a compromised softswitch, ...
Read More
New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices
Bluetooth SIG—an organization that oversees the development of Bluetooth standards—today issued a statement informing users and vendors of a newly reported unpatched vulnerability that potentially affects hundreds of millions of devices worldwide. Discovered independently by two separate teams of ...
Read More
Hackers Stole $5.4 Million From Eterbase Cryptocurrency Exchange
Cybercriminals successfully plundered another digital cryptocurrency exchange. European cryptocurrency exchange Eterbase this week disclosed a massive breach of its network by an unknown group of hackers who stole cryptocurrencies worth 5.4 million dollars. Eterbase, which has now entered ...
Read More
A Successful Self-Service Password Reset (SSPR) Project Requires User Adoption
IT help desks everywhere are having to adjust to the 'new normal' of supporting mainly remote workers. This is a major shift away from visiting desks across the office and helping ones with traditional IT support processes. Many reasons end-users may contact the helpdesk. However, password related ...
Read More
New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption
A group of researchers has detailed a new timing vulnerability in Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions. Dubbed "Raccoon Attack," the server-side attack exploits a ...
Read More6730b, jclausius, Papusan and 1 other person like this. -
I am glad to say that has never happened, and probably never will. But, that has nothing whatsoever to do with the data leak.
Dr. AMK likes this. -
![[IMG]](images/storyImages/Quantum-Network-Concept.jpg)
"Revolutionary Quantum Cryptography Breakthrough Paves Way For Safer Online Communication"
This headline sure sounds like clickbait, but the research actually could be quite promising
jclausius, Vasudev, Papusan and 1 other person like this. -
Blindside is a new Specter vulnerability: affects Intel and AMD en24news.com | Sept 21, 2020
For the past two years, security flaws in processors have been a common concern in the technology industry. Processor manufacturers, where Intel has been most prevalent, have struggled to implement measures against deficiencies that in most cases are related to speculative executions in the Specter family. After a few months of lull, now the next vulnerability is emerging, affecting both Intel and AMD.
The security researchers conclude their report by stating that the progress made in recent years on measures against speculative execution is not as stable and comprehensive as the industry might have suggested. With Blindside, they show that speculative execution can still be exploited with easily accessible software methods. The report does not mention whether modern Intel architectures, such as Comet Lake and Ice Lake, are also vulnerable. It remains to be seen if AMD’s upcoming Zen 3 is as vulnerable as its predecessor.
...........................................................................................................................
Was first time mentioned by Zdnet.com last week... https://www.zdnet.com/article/new-blindside-attack-uses-speculative-execution-to-bypass-aslr/
Academics have developed a new technique for attacking secure computer systems by abusing speculative execution, a CPU mechanism that's normally used for performance optimizations.
The technique, named BlindSide, was detailed in a paper [PDF] published last week by a team of academics from the Stevens Institute of Technology in New Jersey, ETH Zurich, and the Vrije University in Amsterdam.
BlindSide attacks also work regardless of architecture, being tested on both Intel and AMD CPUs alike.
In addition, BlindSide attacks also work despite the recent mitigations that CPU vendors have added against speculative execution attacks like Spectre, Meltdown, and others.
The team's research paper proposes several mitigations that OS makers could deploy to counter BlindSide attacks.
-
A security hole in the Apple T2 chip endangers Mac users, a patch is not possible notebookcheck.com
![[IMG]](images/storyImages/csm_T2_Chip_b11850d25a.jpg)
The T2 chip is responsible for the security of Macs - it is all the more annoying that it is now precisely this chip that offers a target for attack. (Image: Apple).
Security researchers have released new information about a vulnerability in Apple's T2 chip, according to which two different exploits can be used to manipulate the behavior of the chip and to smuggle in malware - the problem cannot be fixed with a software update.
The bad news: The ROM of the T2 chip cannot be changed by software updates, so Apple cannot do anything about this exploit - ironically, this is a security precaution. However, it can be assumed that future hardware revisions will improve this. Yeah, that will certainly help the users who won't upgrade each year
-
![[IMG]](images/storyImages/170x170_Windows-10-headpic.jpg)
SECURITY, MICROSOFT
Windows Update can be abused to execute malicious files bleepingcomputer.com| today
The Windows Update client has just been added to the list of living-off-the-land binaries (LoLBins) attackers can use to execute malicious code on Windows systems.... -
![[IMG]](images/storyImages/t2-chip-thumb.jpg)
Researchers Demonstrate Apple T2 Security Chip Root Access Vulnerability Via USB-C Port hothardware.com | Oct 13, 2020
Last week, a security researcher team claimed Apple’s T2 security chip onboard many Macs was vulnerable to an exploit that could not be patched. This exploit would give an attacker full root access and kernel execution privileges. Now, another group has showcased a real-world method of this attack over USB-C...
While this issue can be a concern for the average user, you can avoid problems by not leaving your devices accessible by unsavory individuals. It will be interesting to see if Apple has a response to these revelationsVasudev, jclausius, cfe and 1 other person like this. -
![[IMG]](images/storyImages/tianfu-cup-winners.jpg)
Windows 10, iOS, Chrome, and many others fall at China's top hacking contest zdnet.com | today
Winning hacker team pockets $744,500 at the Tianfu Cup, China's top hacking contest.
Many of today's top software programs have been hacked using new and never-before-seen exploits at this year's edition of the Tianfu Cup — China's largest and most prestigious hacking competition.
All exploits were reported to the software providers, per contest regulations, modeled after the rules of the more established Pwn2Own hacking competition that has been taking place in the west since the late 2000s.
Patches for all the bugs demonstrated over the weekend will be provided in the coming days and weeks, as it usually happens after every TianfuCup and Pwn2Own contest.Vasudev, jclausius, cfe and 1 other person like this. -
A host of anti-virus engines are flagging recent Dell printer drivers as unsafe neowin.com
![[IMG]](images/storyImages/1605044769_dell_bug_story.jpg)
Recent releases of Dell printer drivers for various versions of Windows are being flagged by a number of anti-virus programs as malware, as spotted and reported by journalist Brian Krebs on Twitter (via WindowsCentral). A few examples of such reports can be viewed on Virus Total that provides logs of malware detection by various anti-virus programs.
-----------------------------------------------------------------------------
While AMD and Apple throw out new processors.... Microsoft continue helping Intel to patch their never ending CPU security bugs.
Windows 10 Intel microcode released to fix new CPU security bugs bleepingcomputers.com
Microsoft has released a new batch of Intel microcode updates for Windows 10 20H2, 2004, 1909, and older versions to fix new hardware vulnerabilities discovered in Intel CPUs.
When Intel finds bugs in their CPUs, they release microcode updates that allow operating systems to patch the behavior of the CPU to fix, or at least mitigate, the bug.
------------------------------------------------------------------
Europeans don't trust US tech giants with their data betanews.com
![[IMG]](images/storyImages/Trust-150x150.jpg)
A new study reveals that 82 percent of Europeans don't trust US tech giants with their personal files, despite increasing reliance on cloud services due to COVID-19.
The survey of 4,500 people across the UK, France and Germany, conducted by pCloud, one of Europe's fastest-growing file-sharing and cloud storage providers, finds the biggest concerns are personal data being used for commercial gain (51 percent) and the possibility of hacks (43 percent)....
The location of data servers is important to users, with 82 percent saying they would rather have their data stored in Europe than the United States, while 74 percent say they check the security features offered before choosing a cloud services provider. 68 percent of users say they would feel more confident putting files in the cloud if the provider was not able to see what was being stored there.
--------------------------------------------------------------
![[IMG]](images/storyImages/bitdefender-logo-6dc84228b2ccaa27.png)
SecurityBitdefender is struggling with serious security problems heise.de
The manufacturer needed up to four attempts to eliminate a total of ten critical security gaps.
Computer science student David L. analyzed Bitdefender's code for unpacking UPX-compressed files and found critical errors in almost every step . All of the bugs are not really hard to find gaps, but rather bread & butter gaps for security researchers, as can be easily found with fuzzing. Almost half caused the lack of the important length check in memory operations. Tavis Ormandy, who has identified several such loopholes in AV software himself, promptly comments that it is "irresponsible to deliver code like this".
Antivirus software as a security risk
The findings once again confirm the fact that heise Security documented as a gateway in antivirus software as early as 2007 , that whenever a security researcher "knocks on antivirus software", critical security gaps tumble out below. Researchers illustrated this again in 2014 and it does not seem to have fundamentally changed. Antivirus software is a potential security problem.
Last edited: Nov 11, 20206730b, Vasudev, jclausius and 1 other person like this. -
SECURITY
Intel fixes 95 vulnerabilities in November 2020 Platform Update bleepingcomputers.com
Intel addressed 95 vulnerabilities as part of the November 2020 Patch Tuesday, including critical ones affecting Intel Wireless Bluetooth products and Intel Active Management Technology (AMT).
"At this time, we are not aware of any of these issues being used in actual attacks," Bryant added.
As expected, people should be more worried about running into malware and attacks other ways than through the disclosed Intel vulnerabilities. The web is a dangerous place regardless if you patch your machines with latest Intel MC or not. If you want the latest bios updates from your OEM/Win Update to fix a "not widespread" security problem today, then expext have to deal with 100C and random Boost clocks due Plundervolt patch. The choice is yours.
SECURITY
New tool lets attackers easily create reply-chain phishing emails bleepingcomputers.com
A new email tool advertised on a cybercriminal forum provides a stealthier method for carrying out fraud or malware attacks by allowing messages to be injected directly into the victim's inbox.
By slipping content in the normal email flow, the utility can help bypass protections that verify messages traveling to their destination mail server.
Ransomware gang hacks Facebook account to run extortion ads bleepingcomputer.com
A ransomware group has now started to run Facebook advertisements to pressure victims to pay a ransom.
This new tactic of promoting attacks through Facebook shows the continuing evolution of ransomware extortion. With ransom demands and payments in the tens of millions, we can expect to see further escalations in the future.
---------------------------------------------------------------------------
Microsoft urges users to stop using phone-based multi-factor authentication zdnet.de
Microsoft recommends using app-based authenticators and security keys instead.Last edited: Nov 12, 2020 -
Backdoor in Chinese routers (Jetstream, Wavelink, Ematic)
Posted on November 24, 2020 by Günter Born
A security researcher has come across a hidden back door that is built into Chinese routers from various companies (Wavlink, Jetstream). Not only can the router be controlled via the backdoor, it can also penetrate the network of the device owner behind it. The devices are sold on Amazon, eBay and other platforms as well as at the US retailer Walmart. I don't know how much the routers are being sold in Germany. A quick search on Amazon for Ematic routers (or other device names) brought me hits.
300,000+ Spotify accounts hacked
Posted on November 24, 2020 by Günter Born
Customers of the music streaming service Spotify may have a problem. Hackers have used a database of 380 million records of credentials and personal information from various sources to crack Spotify accounts and have arguably succeeded with more than 300,000 users.
etern4l, jclausius, Vasudev and 1 other person like this. -
Microsoft & Google are abused for phishing
Posted on 2020-12-04 by guenni
Check Point security researchers are currently seeing a sharp increase in phishing emails that use well-known brands to disguise the fraud. Here’s some information I’ve received from Check Point warning against fake emails on behalf of Microsoft and Google.
Here, the main type of fraud is that fake messages ask users to reset or enter their access data for Microsoft accounts, which allows hackers to gain possession of them.
![[IMG]](images/storyImages/odxM0Q2.png)
Phishing e-mail for account verification of ‘Microsoft Accounts Team’.
In a video in the series called How to secure your remote workforce, Maya Horowitz, Check Point’s Director of Threat Research and Intelligence, explains the threat. Using a real-life case – the hacker group called Florentine Banker – reported on Check Point in April, she shows what a fake email can actually do. Read all about the investigation of brand abuse in the context of phishing in this blog post. -
SECURITY, MICROSOFT
Microsoft: New malware can infect over 30K Windows PCs a day bleepingcomputer.com | Today
Microsoft has warned of an ongoing campaign pushing a new browser hijacking and credential-stealing malware dubbed Adrozek which, at its peak, was able to take over more than 30,000 devices every day.
-----------------------------------------------------------
Steam gaming platform with serious security gaps
Posted on December 11, 2020 by Günter Born
The Steam gaming platform has serious weaknesses. Check Point security researchers have found that attackers can exploit the bugs they find to repeatedly crash a player's session. But it is also possible to take over a victim's computer or to infect all other computers connected to a third-party server.
-----------------------------------------------------------
FireEye hacked, Red Team tools stolen
Posted on 2020-12-09 by guenni
[
German]It is the absolute disaster for the partly CIA-owned security company FireEye. Suspected state hackers have penetrated their internal networks to search for customer data, but have also stolen their Red Team tools.
FireEye: Sorry, we are hacked
In a statement titled Unauthorized Access of FireEye Red Team Tools, FireEye admitted a hack on December 8, 2020. The message reads:
A sophisticated, state-sponsored adversary stole FireEye Red Team tools. Since we believe that an opponent possesses these tools, and we don’t know if the attacker intends to use the stolen tools himself or to make them public, FireEye is publishing hundreds of countermeasures in this blog post to enable the broader security community to protect themselves against these tools.Last edited: Dec 11, 2020Spartan@HIDevolution, jclausius, Vasudev and 1 other person like this. -
Microsoft president calls SolarWinds hack an “act of recklessness”
Microsoft president calls SolarWinds hack an “act of recklessness” | Ars Technica
![[IMG]](images/storyImages/attack-victims-by-industry-640x360.jpg)
Microsoft was breached in SolarWinds cyberattack, in what one exec calls 'a moment of reckoning' - MarketWatch
jclausius, Papusan, etern4l and 1 other person like this. -
![[IMG]](images/storyImages/170x170_wyse-thin-client-5070.jpg)
SECURITY
Critical bugs in Dell Wyse ThinOS allow thin client take over bleepingcomputer.com | Dec 21, 2020
Almost a dozen Dell Wyse thin client models are vulnerable to critical issues that could be exploited by a remote attacker to run malicious code and gain access to arbitrary files...
Thin clients are small form-factor computers used for remote desktop connections to a more powerful system. They are popular with organizations that don't need computers with high processing, storage, and memory on the network.
It is estimated that more than 6,000 organizations, most of them from the healthcare sector, have deployed Dell Wyse thin clients on their networks...
Dell has released ThinOS 9.x to address these issues. However, some of the affected models can no longer be upgraded:
- Wyse 3020
- Wyse 3030 LT
- Wyse 5010
- Wyse 5040 AIO
- Wyse 5060
- Wyse 7010
-------------------------------------------------------------------
2nd backdoor found on infected SolarWinds systems borncity.de posted on 2020-12-22 by guenni
Security researchers and forensic experts have found two other malware variants, Supernova and CosmicGale, in systems infected with the SunBurst Trojan via SolarWinds Orion software. Security researchers suspect that there is a second hacking group at work.
Last edited: Dec 21, 2020Vasudev, jclausius, etern4l and 1 other person like this.
All about Security, News, Events and Incidents
Discussion in 'Security and Anti-Virus Software' started by Dr. AMK, Apr 26, 2018.
![[IMG]](https://www.notebookcheck.com/fileadmin/Notebooks/News/_nc3/T2_Chip.jpg)
