Search Results for “Ars Technica”


March 6, 2020
Dan Goodin / Ars Technica

‘Unfixable’ Flaw in All Intel Chips Released Over the Past Five Years Could Allow Attackers to Execute Malicious Code

Patches that Intel has issued for flaws that allow attackers to defeat a host of security measures may be insufficient to protect systems adequately, researchers at Positive Technologies said, with virtually all Intel chips released in the past five years containing an unfixable flaw. The flaw is in the Converged Security and Management Engine, often abbreviated as CSME, a subsystem inside Intel CPUs and chipsets that’s roughly analogous to AMD’s Platform Security Processor. The CSME implements the firmware-based Trusted Platform Module used for silicon-based encryption, authentication of UEFI BIOS firmware, Microsoft System Guard and BitLocker, and other security features. The bug stems from the input-output memory management unit (IOMMU) not being enabled early enough in the firmware boot process, which could allow malicious code to be executed with the highest privilege levels. Intel says that installing the CSME and BIOS updates, with end of manufacturing set by the system manufacturer, “should” mitigate local attacks. However, researchers at Positive Technologies say this might not sufficiently reduce the problem.

Related: Newsweek, SecurityWeek, CSO Online, Positive Technologies, ZDNet, Motley Fool, Ars Technica, WCCFtech, ARN, SC Magazine, Appuals.com, SiliconANGLE, TechSpot, Digital Trends, gHacks, KitGuru, eTeknix, Gizmodo, TechCentral.ie, Windows Central, Silicon Republic, Reddit – cybersecurity, Daily Mail, Tech Insider, SlashGear » security, The Tech Report, TechTarget, The Verge, Ubergizmo, BGR, OnMSFT.com, The Hacker News, Apple Insider, Appuals.com, CNET, IT World Canada, ExtremeTech, WinBuzzer, Dark Reading: Attacks/Breaches

Tweets: @reneritchie

Newsweek: New Intel CSME CPU Bug is ‘Unfixable’ Security Vulnerability Affecting Chipsets Released Over Last Five Years
SecurityWeek: Vulnerability in Intel Chipsets Allows Hackers to Obtain Protected Data
CSO Online: Intel CSME flaw is unpatchable, researchers warn
Positive Technologies: Intel x86 Root of Trust: loss of trust
ZDNet: Intel CSME bug is worse than previously thought
Motley Fool: Intel Chip Flaw Proves Unfixable Despite Patches
Ars Technica: 5 years of Intel CPUs and chipsets have a concerning flaw that’s unfixable
WCCFtech: Deep Learning Breakthrough Results In A Single Intel Xeon Destroying 8x NVIDIA Tesla V100 GPUs
ARN: Design flaw could compromise Intel platform security features, researchers warn
SC Magazine: Intel flaw impacts most new Intel chipsets | SC Media
Appuals.com: Intel Next-Gen Performance NUC 11 Mini-PCs To Feature 11th Gen 10nm+ Core Tiger Lake-U Series CPUs
SiliconANGLE: Intel chipset vulnerability can be exploited to obtain encrypted data
TechSpot: Intel CSME vulnerability allows hackers to break encryption and DRM
Digital Trends: Uh oh: There’s an unfixable security vulnerability in Intel processors
gHacks: UserBenchmark is a freeware benchmarking tool that tells if your components are performing to their potential
KitGuru: Researchers find new Intel security vulnerability that is “impossible to fix”
eTeknix: Another Intel Vulnerability, and it’s Unfixable…
Gizmodo: Unfixable Flaw in Intel Chipsets Opens Encrypted Data to Hackers
TechCentral.ie: Intel CSME flaw is unpatchable, researchers warn
Windows Central: Serious Intel CPU security flaw affects millions and can’t be fixed
Silicon Republic: Major flaw discovered in many Intel chips from the last five years
Reddit – cybersecurity: A major new Intel processor flaw could defeat encryption and DRM protections. Exciting to see what becomes of this in regard to the gaming industry.
Daily Mail: Unfixable flaw in Intel chips from the last five years could let cyber criminals hijack computers
Tech Insider: Renee James has wowed the chip industry with a new ARM chip for data centers that has put Intel, her former company, on notice
SlashGear » security: Intel CSME flaw: 5 years of chips have a truly ominous, unfixable flaw
The Tech Report: Unfixable vulnerability found in Intel CPUs
TechTarget: Intel CSME flaw deemed ‘unfixable’ by Positive Technologies
The Verge: A major new Intel processor flaw could defeat encryption and DRM protections
Ubergizmo: New Intel Chip Flaw Discovered, Might Be Unpatchable
BGR: Intel’s unfixable chip flaw could give hackers access to encrypted data
OnMSFT.com: Researchers discover new security flaw affecting Intel CPUs from last 5 years
The Hacker News: This Unpatchable Flaw Affects All Intel CPUs Released in Last 5 Years
Apple Insider: New Intel chip flaw threatens encryption, but Macs are safe
Appuals.com: Intel Consumer-Grade CPUs Unfixable Hardware-Level Security Vulnerability Discovered But It Is Difficult To Exploit
CNET: ‘Unfixable’ hole in Intel ROM exposes all but latest chips to attack, researchers say
IT World Canada: Vulnerability in Intel chipsets could lead to ‘chaos’, predicts report
ExtremeTech: Intel Has an Unfixable Chipset Security Flaw. Is it a Risk?
WinBuzzer: Intel Has Been Hit by Another “Unfixable” CPU Flaw That Could Lead to Undetectable Malware
Dark Reading: Attacks/Breaches: Physical Flaws: Intel’s Root-of-Trust Issue Mostly Mitigated

@reneritchie: NB: Apple’s Mac computers are unaffected by this latest Intel CSME security flaw. FileVault doesn’t use any Intel security features and T2 Macs exclusively use T2.


April 22, 2020
Robert McMillan / Wall Street Journal

iPhone Zero-Day Flaw That Requires Only Specially Crafted Messages to Gain Phone Access Has Been Exploited for Two Years by Sophisticated Attackers, Researchers

In attacks that go back two years, iPhones have been exploited by sophisticated hackers who leveraged a zero-day flaw in the smartphone’s email software, according to digital security firm ZecOps. The hackers gained access to the phones by merely sending a specially crafted message, which triggers the attack when the phone’s email reader downloads the message. ZecOps wasn’t able to obtain the malware itself but based its determinations on the digital clues left after the attacks. The attacks were virtually undetectable due to the sophistication of the attackers and Apple’s efforts to make investigating the device difficult. The researchers were able to identify six targets of these attacks, including employees of a telecommunications company in Japan, a large North American firm, technology companies in Saudi Arabia and Israel, a European journalist, and an individual in Germany. Apple has patched the mail bug in a test version of its iPhone operating system, but the fix hasn’t yet been widely released through an official iOS update.

Related: Motherboard, iMore, Security Affairs, The Hacker News, ZDNet Security, AppleInsider, iPhone Hacks, Cult of Mac, Reuters: Top News, Tech Insider, Cybersecurity Insiders, Inc.com, Engadget, The Register – Security, MobileSyrup.com, Tenable Blog, Cyber Kendra, MacRumors, CNET, PhoneArena, Security News | Tech Times, HotHardware.com, TechCrunch, Apple Insider, iMore, iPhone Hacks, Threatpost, iDownloadblog, PYMNTS.com, Fortune, 9to5Mac, Malwarebytes Unpacked, SiliconANGLE, MacDailyNews, ZDNet Security, Law & Disorder – Ars Technica, The Hill: Cybersecurity, The Inquisitr News, Mashable, Reuters, iTnews – Security, Patently Apple, Japan Today, Wall Street Journal, ARN, The Verge, VentureBeat, Japan Times, Fortune, Motley Fool, The Hacker News, MobileSyrup.com, Security Affairs, Jerusalem Post

Tweets: @ZecOps, @kennwhite, @AntivirusLV

Motherboard: Researchers Say They Caught an iPhone Zero-Day Hack in the Wild
iMore: An iOS vulnerability may have been exploited to spy on Uyghur population
Security Affairs: A new Insomnia iOS exploit used to spy on China’s Uyghur minority
The Hacker News: New iPhone Hack is Being Exploited to Spy Uyghurs Muslims in China
ZDNet Security: Apple investigating report of a new iOS exploit being used in the wild
AppleInsider: Two Apple Mail vulnerabilities being used to target iPhone, iPad users
iPhone Hacks: Apple Patches Mail App Related Security Vulnerabilities in Latest iOS 13.4.5 Beta
Cult of Mac: iPhone vulnerability let hackers attack devices through Mail app
Reuters: Top News: Flaw in iPhone, iPads may have allowed hackers to steal data for years
Tech Insider: Hackers may be attacking iPhones by sending emails that can infect phones without you even opening the email (AAPL)
Cybersecurity Insiders: Apple iPhones are vulnerable to Email hacks
Inc.com: Apple Mail Bug Lets Hackers Control Your iPhone
Engadget: Apple Mail for iPhone may be vulnerable to malware attacks
The Register – Security: Zero-click, zero-day flaws in iOS Mail ‘exploited to hijack’ VIP smartphones. Apple rushes out beta patch
MobileSyrup.com: Security researchers uncovered vulnerabilities in Apple’s default Mail app on iOS
Tenable Blog: Multiple Zero-Day Vulnerabilities in iOS Mail App Exploited in the Wild
Cyber Kendra: Hack iPhone With Just a Single Mail—Zero-day Bug
MacRumors: Apple Patches Two Security Vulnerabilities Impacting Mail App in iOS 13.4.5 Beta
CNET: Mail app on iPhone may be vulnerable to email hack, report says
PhoneArena: “Scary” vulnerability found in the iPhone/iPad Mail app; Apple says patch is coming soon
Security News | Tech Times: Disable iPhone Mail App Now! Security Alerts Users on New Apple Scam That Steals Data
HotHardware.com: Apple iPhone Mail App Zero-Day Security Exploit Potentially Exposed Private Data Of Millions
TechCrunch: A new iPhone email security bug may let hackers steal private data
Apple Insider: Two Apple Mail vulnerabilities being used to target iPhone, iPad users
iMore: A new security vulnerability has been discovered in the default Mail app
Threatpost: Apple Patches Two iOS Zero-Days Abused for Years
iDownloadblog: Researchers discover a pair of security vulnerabilities in the iOS Mail app, Apple is working on a patch
PYMNTS.com: Apple iOS May Be Vulnerable To Zero-Click Email Hack
Fortune: Apple iPhones, iPads are vulnerable to hackers through flaws in email app
9to5Mac: Report: iPhone Mail app zero-day exploits found in the wild, Apple has fix coming in next public iOS release
Malwarebytes Unpacked: iOS Mail bug allows remote zero-click attacks
SiliconANGLE: Hackers spotted using new iPhone vulnerability in email-borne cyberattacks
MacDailyNews: Apple investigating report of a new iOS email exploit being used in the wild
Law & Disorder – Ars Technica: A critical iPhone and iPad bug that lurked for 8 years may be under active attack
The Hill: Cybersecurity: Vulnerabilities on iPhones, iPads allowed hackers to access data for years: report
The Inquisitr News: Flaws In iPhone Design Have Allowed Hackers To Steal Information For Years
Mashable: Newly disclosed iPhone vulnerability means emails are an even bigger risk
Reuters: Flaw in iPhone, iPads may have allowed hackers to steal data for years
iTnews – Security: Flaw in iPhone, iPads may have allowed hackers to steal data for years
Patently Apple: Apple is planning to fix a Security Flaw that was first discovered by a former Israeli Defense Force security researcher
Japan Today: Flaw in iPhone, iPads may have allowed hackers to steal data for years
Wall Street Journal: Apple iPhone May Be Vulnerable to Email Hack
ARN: Apple moves to fix flaw affecting up to 500M iPhones
The Verge: Apple’s default Mail app for the iPhone has a severe security flaw, researchers claim
VentureBeat: Researchers find actively exploited iOS flaws that were open for years
Japan Times: Apple iPhones and iPads vulnerable to hackers by flaws in mail app
Motley Fool: iPhone Flaw Allowed Hackers to Steal Data for Years
The Hacker News: Zero-Day Warning: It’s Possible to Hack iPhones Just by Sending Emails
Security Affairs: Hacking Apple iPhones and iPads by sending emails to the victims
Jerusalem Post: Israeli security company finds vulnerable flaw in iPhones, iPads

@ZecOps: Hackers may be attacking iPhones by exploiting a previously unknown flaw in the smartphone’s email software, according to digital-security company @ZecOps https://wsj.com/articles/apple-iphone-may-be-vulnerable-to-email-hack-11587556802 via @WSJ
@kennwhite: MacRumors Apple Patches Two Security Vulnerabilities Impacting Mail App in iOS 13.4.5 Beta San Francisco-based cybersecurity company ZecOps today announced that it has uncovered two zero-day security vulnerabilities affecting Apple's stock Mail app on iOS devices, as noted by Motherbo
@kennwhite: - beta patch released by Apple - attack is fairly advanced, but actual exploit appears to be POC-grade - multiple delivery methods including large mail but also multi-part & rich text format hacks - full report, with IOCs and FAQ from @ZecOps: ht
@AntivirusLV: Researchers are reporting two Apple #iOS 0-day security #vulnerabilities affecting its Mail app on iPhones and iPads. Impacted are iOS 6 and iOS 13.4.1. Apple patched both vulnerabilities in iOS 13.4.5 beta. A final release of iOS 13.4.5 is expected soon.


April 23, 2020
Catalin Cimpanu / ZDNet

Game Maker Valve Tries to Quell Fears of Hackers Developing Exploits Based on Leaked Source Code for CS:GO and TF2

Game company Valve says that it’s safe to play games like Counter-Strike: Global Offensive and Team Fortress 2 even after their source code leaked online today on 4chan and torrent sites, causing a panic in the two games’ online communities. On Reddit and other websites, gamers were warning that hackers may develop exploits based on the leaked source code that could be used to hack computers connecting to CS:GO and TF2 servers. Valve sees no reason to be concerned about hackers and said that playing on the official servers is recommended for the highest security. However, over the coming weeks and months, the source could become fodder for hackers because it makes exploit development easier.

Related: Reddit – cybersecurity, Wired, Ars Technica, Slashdot, SlashGear » security, HackRead, Techradar, TechSpot, Game Rant, Forbes


March 21, 2020
Catalin Cimpanu / ZDNet

Russian Hacking Group Digital Revolution Claims to Have Breached FSB Contractor, Publishes Technical Documents Uncovering Plans for IoT Botnet ‘Fronton’ Capable of Targeting Linux-Based Smart Devices

Russian hacker group Digital Revolution claims to have breached a contractor for Russia’s national intelligence service, the FSB, and found details about a project intended for hacking Internet of Things (IoT) devices. BBC Russia broke the news, but ZDNet and the British news organization both examined 12 technical documents, diagrams, and code fragments published by the hackers for a 2017-2018 project called “Fronton.” The Fronton project describes the basics of building an IoT botnet and was put together following a procurement order placed by one of the FSB’s internal departments, unit No. 64829, which is also known as the FSB Information Security Center. The order charged InformInvestGroup CJSC, a Russian company with a long history of fulfilling orders for the Russian Ministry of Internal Affairs, with building an IoT hacking tool that should specifically target internet security cameras and digital recorders (NVRs), which the documents deem ideal for carrying out DDoS attacks. InformInvestGroup appears to have sub-contracted the project to Moscow-based software company ODT (Oday) LLC, which Digital Revolution claims to have hacked in April 2019. The botnet was capable of targeting Linux-based smart devices, which account for the vast majority of IoT systems today and extend far beyond just internet security cameras and NVRs.

April 9, 2020
Dan Goodin / Ars Technica

Newly Discovered IoT Botnet dark_nexus Is Purportedly One of the Most Advanced Ever Seen, Developed by Well-Known Botnet Author

A newly discovered IoT botnet dubbed dark_nexus that preys on home routers, video recorders, and other network-connected devices is one of the most advanced Internet-of-things platforms ever seen, researchers at Bitdefender report. Bitdefender says the botnet uses the name dark_nexus in one of its earliest versions, using the name in its user agent string when carrying out exploits over HTTP: dark_NeXus_Qbot/4.0, citing Qbot as its influence. Although dark_nexus uses some Qbot and Mirai code, its core modules are mostly original. The IoT botnet seems to have been developed by a known botnet author, @greek.helios, who has been selling DDoS services and botnet code for years, Bitdefender says.

Related: Gixtools, Security Affairs, ZDNet, The Hacker News, CSO Online, Security Brief, SecurityWeek, TechCentral.ie, Bitdefender


March 27, 2020
Dan Goodin / Ars Technica

Google’s Threat Analysis Group Says Number of Warnings Sent to Users of Government-Backed Attacks Drop Nearly 25% in 2019 to 40,000

Google’s Threat Analysis Group (TAG) said that in 2019, it sent almost 40,000 warnings to users that it had detected government-backed phishing or malware attempts against them, a nearly 25 percent drop from 2018. One big reason for the decline, according to the company, is that new protections Google has implemented are working. Attackers’ efforts have been slowed down, and they’re more deliberate in their attempts, meaning attempts are happening less frequently as attackers adapt, Google said. However, Google has seen a rising number of attackers, including those from Iran and North Korea, impersonating news outlets or journalists. Google’s data also shows that geopolitical rivals, government officials, journalists, dissidents, and activists are still the main targets of government-backed attackers and that these government attackers go after their targets repeatedly. TAG also said it discovered many zero-day vulnerabilities affecting Android, Chrome, iOS, Internet Explorer, and Windows throughout the year.

May 21, 2020
Dan Goodin / Ars Technica

New PipeMon Backdoor Infected Several Multiplayer Games Developers to Push Malware-Tainted Apps That Steal In-Game Currencies

Researchers from ESET report that one of the world’s most prolific hacking groups, Winnti, recently infected several Massively Multiplayer Online (MMO) game makers, which made it possible for the attackers to push malware-tainted apps to one target’s users and to steal in-game currencies from a second victim’s players. These recent attacks used a never-before-seen backdoor that ESET has dubbed PipeMon, which used installers that bore the imprimatur of a legitimate Windows signing certificate stolen from Nfinity Games during a 2018 hack of that gaming developer. PipeMon registered itself in the location Windows uses for print processors so it could survive reboots. The infected companies were not identified, but ESET said they were several South Korean and Taiwan-based developers of MMO games that are available on popular gaming platforms and have thousands of simultaneous players.

May 15, 2020
Dan Goodin / Ars Technica

Google Rolls Out New Feature in Chrome That Limits Machine Resources Used by Abusive Ads

Google developers are rolling out a feature that neuters abusive ads that covertly leech users’ CPU resources, bandwidth, and electricity, the Chrome team announced. Google says that while the percentage of abusive ads is meager, somewhere around 0.3 percent, they account for 28 percent of CPU usage and 27 percent of network data. Most of these ads mine cryptocurrency, are poorly programmed, or are unoptimized for network usage. To address this problem, Chrome is limiting the resources a display ad can consume before a user interacts with it. If the limit is reached, the ad frame will navigate to an error page that informs the user the ad has consumed too many resources.

Related: BleepingComputer.com, The Verge, WCCFtech, Android Police, Chromium Blog, Trusted Reviews, MacRumors, Slashdot, Venture Beat


March 11, 2020
Dan Goodin / Ars Technica

Microsoft Leaks Word of New ‘Wormable’ Flaw in Windows That Could Unleash Self-Replicating Attacks

Microsoft leaked word of a new ‘wormable’ vulnerability in recent versions of Windows that has the potential to unleash the kind of self-replicating attacks that allowed the WannaCry and NotPetya worms to cripple business networks around the world. The vulnerability, tracked as CVE-2020-0796, exists in version 3.1.1 of the Server Message Block protocol (SMBv3) that’s used to share files, printers, and other resources on local networks and over the Internet. In a cryptic advisory, Microsoft said attackers who successfully exploit the flaw could execute code of their choice on both servers and end-user computers that use the vulnerable protocol. No patches are available for the vulnerability, which affects Windows 10 and Windows Server 2019, relatively new releases that Microsoft has invested vast amounts of resources in hardening against precisely these types of attacks. Microsoft said vulnerable servers could be protected by disabling SMBv3 compression, which blocks unauthenticated attackers from exploiting the vulnerability against an SMBv3 server. Security firms Fortinet and Cisco Talos released but then pulled their advisories about the flaw for reasons unknown.

Related: CyberSecurity Help s.r.o., SecurityWeek, Sec.Today, WCCFtech, Reddit – cybersecurity, BetaNews, Tenable Blog, CERT Recently Published Vulnerability Notes, IT News, DataBreachToday.com, Microsoft, ZDNet

Tweets: @campuscodi, @zackwhittaker, @campuscodi

CyberSecurity Help s.r.o.: Microsoft discloses a new wormable Win SMBv3 CVE-2020-0796 flaw
SecurityWeek: Microsoft Working on Patches for Wormable SMB Vulnerability
Sec.Today: CERT/CC Vulnerability Note VU#872016
WCCFtech: Microsoft Inadvertently Leaks Details of a New SMB Wormable Bug – Time to Block Ports & Disable SMBv3 Compression
Reddit – cybersecurity: CVE-2020-0976: Wormable Windows SMBv3 flaw
BetaNews: Microsoft provides mitigation advice for critical vulnerability in SMBv3 protocol
Tenable Blog: CVE-2020-0796: “Wormable” Remote Code Execution Vulnerability in Microsoft Server Message Block SMBv3 (ADV200005)
CERT Recently Published Vulnerability Notes: VU#872016: Microsoft SMBv3 compression remote code execution vulnerability
IT News: Microsoft leaks critical, remotely exploitable Windows bug
DataBreachToday.com: Windows Alert: Critical SMB_v3 Flaw Requires Workaround
Microsoft: ADV200005 | Microsoft Guidance for Disabling SMBv3 Compression
ZDNet: Details about new SMB wormable bug leak in Microsoft Patch Tuesday snafu

@campuscodi: Details about new SMB wormable bug leak in Microsoft Patch Tuesday snafu - Bug is tracked as CVE-2020-0796 - Impacts SMBv3, and described as wormable - Was announced in some security feeds, but not actually included with the March 2020 Patch Tuesday https://zdnet.com/article/details-about-new-smb-wormable-bug-leak-in-microsoft-patch-tuesday-snafu/
@zackwhittaker: A critical bug in Microsoft's SMBv3 implementation was published under mysterious circumstances.
@campuscodi: I have now seen/talked to 3 different people claiming they found the bug in less than 5 minutes. I won't be surprised if exploits pop up online by the end of the day.


May 3, 2020
Dan Goodin / Ars Technica

New Damaging Ransomware Strain Called LockBit Is Self-Replicating, Rapidly Spreading Malware That Aborts Itself on Machines in Russia, Commonwealth of Independent States

A new ransomware strain called LockBit, most prevalent in the US, the UK, France, Germany, Ukraine, China, India, and Indonesia, rampantly ran through a poorly secured network in a matter of hours, leaving leaders with no choice but to pay the ransom, researchers at McAfee recently observed. After getting in, self-replicating LockBit used a dual method to map out and infect the victimized network, using ARP tables and Server Message Block (SMB) to allow infected nodes to connect to uninfected nodes. Before the ransomware encrypted data, it connected to an attacker-controlled server and then used the machine’s IP address to determine where it was located. If the computer was in Russia or another country belonging to the Commonwealth of Independent States, it would abort the process. LockBit is sold in underground broker forums that often require sellers to put up a deposit that customers can recover in the event the wares don’t perform as advertised.