Search Results for “Bleeping Computer”


October 7, 2019
Stephanie Taylor / Tuscaloosa News

Alabama Hospitals Pay Ransom Following Attack That Crippled Computer Systems, Working to Restore Normal Operations

The DCH Health System in Tuscaloosa, Alabama, has made a payment to the hackers responsible for the crippling ransomware attack on its computer system that impacted operations at its three hospitals. The hospitals didn’t reveal how much they paid the attackers but said they are quickly working to restore normal operations.

October 8, 2019
Lawrence Abrams / Bleeping Computer

Software Developer Hacked Back Against Muhstik Ransomware Gang and Released Decryption Keys, Free Decryptor to Allow Victims to Get Files Back

German software developer Tobias Frömel has hacked back on the Muhstik ransomware gang, which encrypted his files, by hacking their server and releasing nearly 3,500 decryption keys for all other victims to get their files back. He also released a free decrypter. The Muhstik ransomware gang, which has been active since the end of September, has been hacking into publicly exposed QNAP NAS devices and encrypting the files on them. After paying the ransom, Frömel also analyzed the ransomware and gained access to the PHP script that generates passwords for a new victim. He then published the decryption keys on Pastebin and published a decrypter that all Muhstik victims can use to unlock their files. The decrypter is available on MEGA [VirusTotal scan], and usage instructions are available on the Bleeping Computer forum.

August 7, 2019
Lawrence Abrams / Bleeping Computer

New Variant of Spectre 1 Speculative Execution Side-Channel Flaw ‘SWAPGS’ Could Allow Attacker to Read Contents of Privileged Memory

A new variant of the Spectre 1 speculative execution side-channel vulnerabilities, called the SWAPGS vulnerability, could allow a malicious program to access and read the contents of privileged memory in an operating system, such as the Windows or Linux kernel memory, researchers at Bitdefender disclosed at Black Hat. Andrei Vlad Lutas of Bitdefender discovered and reported the vulnerability to Intel in August 2018. Intel allowed Microsoft to address this issue at the software level and take over coordination of the vulnerability. Microsoft took over notifying other vendors, making sure patches were released, and planning the coordinated disclosure at Black Hat.

Related: The Register – Security, Computer Business Review, Help Net Security, CRN, The Hacker News, PCMag.com, Dark Reading: Vulnerabilities / Threats, ZDNet Security, The Next Web, US-CERT, Bitdefender, CSO Online


October 1, 2019
Ionut Ilascu / Bleeping Computer

Account Data for Nearly 250,000 Comodo Forums Users Stolen and Now Traded Online After Attacker Exploited Recently Revealed vBulletin Flaw

Account data belonging to more than half of all Comodo Forums users, or around 245,000 users, has been stolen and is now traded online, according to a security notice published by Comodo. The notification indicates that a vulnerability in the vBulletin software made public a week ago is responsible for the breach, with the attacker exploiting the flaw at 4:57 am EDT on Sunday. Comodo says that all passwords were stored in encrypted form, but forum users are advised to change them as a precautionary measure.

October 12, 2019
Sergiu Gatlan / Bleeping Computer

Critical Local Privilege Escalation Vulnerability Found and Fixed in HP Touchpoint Analytics, Could Impact Millions of Windows Systems

A critical security vulnerability in Open Hardware Monitor, a free open-source program that monitors a computer’s temperature sensors, fan speeds, voltages, load and clock speeds, and which is embedded in monitoring products including HP Touchpoint Analytics, allowed attackers to escalate privileges and execute arbitrary code with SYSTEM privileges on computers running Windows, researchers at SafeBreach Labs report. The local privilege escalation (LPE) vulnerability, tracked as CVE-2019-6333, was discovered by SafeBreach Labs security researcher Peleg Hadar and reported to HP on July 4. It impacts all versions of HP Touchpoint Analytics Client below 4.1.4.2827. HP patched this vulnerability with the release of HP Touchpoint Analytics Client version 4.1.4.2827 on October 4. HP published procedures to detect whether a device is vulnerable and the appropriate remediation actions.

August 12, 2019
Ionut Ilascu / Bleeping Computer

Over 40 Drivers From At Least 20 Hardware Vendors Have Vulnerabilities That Can Lead to Privilege Escalation

More than 40 drivers from at least 20 hardware vendors contain vulnerabilities that can be abused to achieve privilege escalation, researchers at firmware and hardware security firm Eclypsium discovered. The affected vendors include every major BIOS vendor and big names in the computer hardware business such as ASUS, Toshiba, Intel, Gigabyte, Nvidia, and Huawei, and the drivers affect all modern versions of Windows, including Windows 10. Currently, no mechanism exists at a wider scale to prevent vulnerable drivers from loading.

August 9, 2019
Lawrence Abrams / Bleeping Computer

Security Researchers Discover, Publish Proof-of-Concept of Zero-Day Privilege Escalation Bug in Steam Game Client Posing Risk to 100 Million Users, Steam Doesn’t Commit to Fix

The popular Steam game client for Windows has a zero-day privilege escalation vulnerability that can allow an attacker with limited permissions to run a program as an administrator, posing a security threat to the client’s 100 million users, a security researcher known as Felix discovered. A second researcher, Matt Nelson, wrote a proof of concept for the vulnerability and published it on GitHub. Valve chose not to issue a bug bounty payment or give any indication that it would fix the issue, and told the researchers that they were not allowed to disclose it.

July 26, 2019
Lawrence Abrams / Bleeping Computer

Europol Says ‘No More Ransom’ Project Has Prevented Ransomware Gangs From Making Profits of at Least $108 Million

On the third anniversary of the No More Ransom project, Europol announced that users who downloaded and decrypted files using free tools made available through the project have prevented ransomware gangs from making profits of at least $108 million. No More Ransom was formed as an alliance among Europol’s European Cybercrime Centre, the National High Tech Crime Unit of the Netherlands’ police, and McAfee to battle ransomware and provide free decryption services and support to victims. The project now consists of 151 partners, with BleepingComputer joining the project in 2018 to offer decryptors, information, and help to a wider range of victims.

Related: Computer Business Review, SC Magazine, BBC.com, ZDNet, Europol

Tweets: @campuscodi


October 16, 2019
Lawrence Abrams / Bleeping Computer

Adobe Issues a Slew of Patches Including Fixes for Forty-Five Critical Vulnerabilities in Acrobat and Reader

Adobe released security updates to resolve a slew of vulnerabilities that could allow attackers to gain unauthorized access, execute commands on vulnerable computers, or elevate their privileges. Adobe fixed a total of 68 vulnerabilities in Acrobat and Reader, which include 45 Critical vulnerabilities that could be easily exploited by hackers. Other fixes include 12 patches for Adobe Experience Manager, one for a cross-site scripting vulnerability in Adobe Experience Manager Forms, and one for a privilege escalation vulnerability caused by insecure file permissions in Adobe Download Manager.

Related: Symantec, SC Magazine, Talos Intel, BleepingComputer.com, The Hacker News, The Register – Security, US-CERT Current Activity, Adobe, Adobe, Adobe, Computer Business Review, Security Affairs, Help Net Security


September 18, 2019
Ionut Ilascu / Bleeping Computer

New Threat Group TortoiseShell Is Compromising IT Providers in Seeming Supply Chain Attacks, Most Victims Based in Saudi Arabia

A newly discovered threat group called TortoiseShell is compromising IT providers in what appear to be supply chain attacks intended to reach the networks of at least eleven specific customers, researchers at Symantec report. The group’s activity is traced back to July, although it’s possible it was operating earlier than that. Most of the group’s targets are based in Saudi Arabia, and in at least two cases there are enough clues to conclude that the attacker had domain administrator privileges. TortoiseShell infected hundreds of hosts at two of the victims, likely because it needed to find the machines that were of interest. Two victims had previously been compromised by Poison Frog, a PowerShell-based backdoor associated in the past with the activities of another advanced threat, OilRig (a.k.a. APT34, HelixKitten), which is linked to the Iranian government.