Search Results for “Independent”


May 3, 2020
Dan Goodin / Ars Technica

Dan Goodin / Ars Technica  
New Damaging Ransomware Strain Called LockBit Is Self-Replicating, Rapidly Spreading Malware That Aborts Itself on Machines in Russia, Commonwealth of Independent States

A new ransomware strain called LockBit, most prevalent in the US, the UK, France, Germany, Ukraine, China, India, and Indonesia, rampantly ran through a poorly secured network in a matter of hours leaving leaders with no choice but to pay the ransom, researchers at McAfee recently observed. After getting in, self-replicating LockBit used a dual method to map out and infect the victimized network, using ARP tables and server message blocks to allow infected nodes to connect to uninfected nodes.  Before the ransomware encrypted data, it connected to an attacker-controlled server and then used the machine’s IP address to determine where it was located. If the computer were in Russia or another country belonging to the Commonwealth of Independent States, it would abort the process. LockBit is sold in underground broker forums that often require sellers to put up a deposit that customers can recover in the event the wares don’t perform as advertised.

May 24, 2020
Lily Hay Newman / Wired

Lily Hay Newman / Wired  
Just-Released iOS Jailbreak Is Based on Zero-Day Flaw and Works on All Recent Versions, Apple Will Likely Take Weeks to Issue Fix

The jailbreaking team Unc0ver released a tool that will jailbreak all versions of iOS from 11 to 13.5. It is a jailbreak built on the first zero-day vulnerability in years, and Unc0ver did not disclose its findings to Apple in advance, meaning that there’s no patch coming in the next few days that will block the jailbreak. Security researchers who have tested say it’s stable. The flaw resides in iOS’s kernel.  Unc0ver’s lead developer Pwn20wnd and independent iOS security researchers estimate that it will take Apple two to three weeks minimum to prepare a fix unless they have already found the bug independently.

Related: ZDNet Security, WIRED, iPhone Hacks, Softpedia News, Big News Network, xda developers, iMore, TechCrunch, Slashdot, Reddit-hacking, TechWorm, The Verge, Softpedia News, AppleInsider, iPhone Hacks, Security Affairs, iTnews – Security

Tweets:@Pwn20wnd @ malwarejake @HiMyNameIsUbik

ZDNet Security: New Unc0ver jailbreak released, works on all recent iOS versions
Joseph Cox – VICE: Hackers Just Dropped a Jailbreak They Say Works for All iPhones
iPhone Hacks: How to Jailbreak iOS 13.5 on iPhone or iPad Using Unc0ver Jailbreak
Softpedia News: You Can Now Jailbreak Any iPhone Running iOS 13.5
Big News Network: Hackers release a new jailbreak that unlocks every iPhone TechCrunch
xda developers : New unc0ver exploit allows jailbreaking Apple iPhone and iPads running iOS/iPadOS 12 to 13.5 – XDA Developers
iMore: Does ExpressVPN work with Apple TV?
TechCrunch: Hackers release a new jailbreak that unlocks every iPhone
Slashdot: Newly-Released Jailbreak Tool Can Unlock Every iPhone and iPad
Reddit-hacking: New Unc0ver jailbreak released, works on all recent iOS versions | ZDNet
TechWorm: Hackers Release A New JailBreak That Works On All Recent iOS Versions
The Verge: New jailbreak tool works on Apple’s just-released iOS 13.5
Softpedia News: You Can Now Jailbreak Any iPhone Running iOS 13.5
AppleInsider: Hackers release ‘unc0ver’ 5.0 jailbreak tool that works on iOS 13.5
iPhone Hacks: iOS 13.5 Unc0ver 5.0 Jailbreak For All iPhones and iPads Released
Security Affairs: Unc0ver is the first jailbreak that works on all recent iOS versions since 2014
iTnews – Security: Unc0ver jailbreak opens up Apple iOS 11 to 13.5

@Pwn20wnd: #unc0ver v5.0.0 will be the first 0day jailbreak released since iOS 8! Every other jailbreak released since iOS 9 used 1day exploits that were either patched in the next beta version or the hardware. This will be a big milestone for jailbreaking.
@ malwarejake: I remember when people thought it was cool to jailbreak a device for daily use. The only reason we jailbreak anything today is for security testing. I can't imagine wanting a device I can't patch anymore, especially as Zerodium is signalling too many vulns
@HiMyNameIsUbik: So happy to be a part of the @unc0verTeam and creating the UI for the #unc0ver jailbreak. Thanks @Pwn20wnd ! May you find many more 0days and hack many future iOS versions.


March 10, 2020
Sergiu Gatlan / Bleeping Computer

Sergiu Gatlan / Bleeping Computer  
New ‘Load Value Injection’ Attack Against Intel Processors Can Allow Attackers to Inject, Steal Data

A new attack technique dubbed LVI (short for Load Value Injection) and tracked as CVE-2020-0551 against modern Intel processors can allow threat actors to inject malicious data into applications via transient-execution attacks and steal sensitive data, according to a group of researchers. The researchers are from Worcester Polytechnic Institute, imec-DistriNet/KU Leuven, Graz University of Technology, University of Michigan, University of Adelaide, and Data61. Bitdefender researchers also independently discovered one variant of attack in the LVI class (LVI-LFB) and reported it to Intel in February 2020. LVI allows attackers to change the normal execution of programs to steal data, including sensitive data such as passwords or private keys, that are usually meant to be kept private within SGX enclaves (Intel’s Software Guard eXtensions (SGX)). The attack, however, is a complex one entailing several prerequisites. Intel said it does not believe LVI is a practical method in real-world environments.

Related: ZDNet, Reddit – cybersecurity, Intel, The Hacker News, The Register – Security, SecurityWeek, WCCFtech, Computer Business Review, CRN, TechCrunch, TechJuice, Bitdefender, LVI Attack, Intel

Tweets:@TheHackersNews


May 9, 2020
Lily Hay Newman / Wired

Lily Hay Newman / Wired  
In-Person DEFCON and Black Hat Conferences Are Canceled This Year For Real, DEFCON Will Continue in ‘Safe Mode’ Virtual Format

After the infosec community joked for years that DEFCON, the preeminent hacker conference held every year in Las Vegas, would be canceled, this year, due to the coronavirus, the in-person version of DEFCON, along with the in-person version of its sister conference Black Hat, has been canceled for real. Both events will now shift to virtual mode.  The founder of both events, Jeff Moss, also known as the Dark Tangent, said in a forum post that the 28th Defcon would be known as “Safe Mode,” a play on what most operating systems use for their diagnostic and recovery mode. The conference organizing team will begin to coordinate talks, help facilitate subject-specific “villages” that are usually independent in-person events, and host events like remote capture-the-flag hacker challenges, remote Ham radio licensure exams, movie nights, and a Mystery Challenge.

Related: Dark Tangent, Reddit – cybersecurity, BleepingComputer.com, ZDNet, Neowin, Slashdot

Tweets:@defcon @harrihursti @steve_tornio @runasand @tactifail @racheltobac @marcwrogers @find_evil @snubs @hacks4pancakes

Dark Tangent: DEF CON 28 has entered “Safe Mode with Networking” I have shut down the in person conference
Reddit-hacking: Black Hat and DEF CON security conferences to take place in a virtual format | ZDNet
BleepingComputer.com: Black Hat and Def Con security conferences go virtual due to pandemic
ZDNet: Black Hat and DEF CON security conferences to take place in a virtual format
Neowin: DEF CON 2020 to take place online on Discord, Las Vegas conference cancelled
Slashdot: In-Person DEF CON 28 Event Is Canceled

@defcon: The @thedarktangent blog post on the #defconiscancelled situation is here: http://forum.defcon.org/node/232005 Please read and share. Thank you. #defconlovesyou #StaySafe
@harrihursti: In-person @DEFCON is officailly cancelled. The annual hoax announcement is not a hoax this time. @VotingVillageDC will organize a virtual event. Stay tuned!
@steve_tornio: Defcon and Black Hat may be cancelled, but MGM and Caesars staff will still be coming to your house unannounced to rifle through your things.
@runasand: Do I need a burner phone for virtual defcon or no
@tactifail: Interesting thing about @defcon 28. If you look at the ASCII table, you’ll notice that there is no octal value for 28 because 28 in octal doesn’t exist; it goes right from 027 to 030. 030 is the CAN character. For “canceled”. Coincidence? I think not.
@racheltobac: With the number of folks buying @defcon swag on eBay right now I’m just going to come right out and say that we should keep our heads on a swivel for an “eBay package delay” phish. It won’t be from me, but I bet we’ll see at least one in the community Robot faceSign of the hornsFishing pole and fish
@marcwrogers: DEF CON is officially cancelled. https://forum.defcon.org/node/232005 we will be putting on an online event instead. Details in the post. #DEFCON #DEFCONisCANCELLED
@find_evil: #DEFCON may be canceled IRL for the first time ever but the virtual event will still proceed — and I, for one, am looking forward to it ?
@snubs: YALL. DEF CON is actually, really cancelled. https://forum.defcon.org/node/232005 #defcon @defcon Everyone in charge made the right choice. Thank you @thedarktangent and all involved for considering our health and safety a priority. ??
@hacks4pancakes: What’s something good you hope comes out of @defcon Safe Mode? Positive thoughts and ideas only. Go!


December 9, 2015
Joseph C. Chen / Trend Micro

Joseph C. Chen / Trend Micro  
Blog of News Site “The Independent” Hacked, Leads to TeslaCrypt Ransomware

The blog page of one of the leading media sites in the United Kingdom, The Independent has been compromised, which may put its millions of readers at risk of getting infected with ransomware. We have already informed The Independent about this security incident. However, the site is still currently compromised and users are still at risk.
Related: Hackerstorm.co.uk News, Network World Security, Office of Inadequate Security

[expand title=”More”]

[/expand]

July 17, 2017
LOLITA C. BALDOR / Associated Press

LOLITA C. BALDOR / Associated Press  
U.S. to Create Independent Cyber Command, NSA to Become Civilian-Ruled, Report

As has been rumored and suggested for years, the U.S. plans to create a new independent Cyber Command, a branch of the military that is currently ruled by Admiral Michael Rogers, who also oversees the National Security Agency (NSA.) Under the new reported plan, Cyber Command will be split off from NSA to better focus on defense-related matters, while NSA will become subject to civilian rule. A final decision on the reorganization of NSA and Cyber Command is expected to be announced in a few weeks.

May 2, 2019
Nancy Scola / Politico

Nancy Scola / Politico  
Possible Facebook Settlement With FTC Would Designate Company Executives, Including CEO, As Privacy Watchdogs, Would Create ‘Independent’ Privacy Oversight Committee

Facebook and the Federal Trade Commission (FTC) are negotiating a possible settlement that would place privacy-minded executives at the top of the company including CEO Mark Zuckerberg who would take on the role of “designated compliance officer” responsible for carrying out the company’s privacy policies, according to a source. The deal would be a result of an FTC investigation into whether Facebook violated its 2011 privacy consent decree when it allowed 87 million users’ data to fall into the hands of Cambridge Analytica. The deal would also include creating an “independent” privacy oversight committee that may include Facebook board members, in addition to a record-breaking fine of $3 billion to $5 billion. Under the proposed settlement, according to the source, the FTC would “essentially” have veto power over the choice of a federally approved privacy executive, called an “assessor,” and the new privacy oversight committee would meet quarterly and issue periodic reports on the company’s privacy practices. Privacy advocates believe this deal does not go far enough because it still leaves privacy decisions up to Facebook and contains no new restrictions on Facebook’s data handling practices.

December 8, 2016
Andy Greenberg / Wired

Andy Greenberg / Wired  
Democrats Push For Independent Commission to Probe Russia’s Election Hacks

Two Democratic Congressmen Elijah Cummings (D-MD) and Eric Swalwell (D-CA), backed by a leading Republican Senator Lindsay Graham from South Carolina, introduced a bill to create a bi-partisan independent commission to investigate a vast array of U.S. election-related hacking incidents they believe were led by Russia. The bill was introduced on a day that Donald Trump reiterated his belief, with no foundation, that Russia was not behind the attacks.

Related: Russia Beyond The Headlines, AlterNet.org, The Korea Times News, The Huffington Post , The Hill: Cybersecurity, Network World Security, CNN.com – Politics, Mother Jones, ComputerworldFCW, Kyiv Post, WSJ.com, The HillThe Verge, The Hill, Zero Hedge, CNN.com – Politics, The Hill

Russia Beyond The Headlines: What is the updated Russian cyber-security doctrine about?
AlterNet.org: Michigan Election Officials Refuse to Recount Thousands of Ballots in State’s Communities of Color
The Korea Times News: Kremlin and US election
The Huffington Post : National Security Dems Want More Clarity On Russian Election Meddling
The Hill: Cybersecurity: Dems push for panel to probe Russian interference in election
Network World Security: Democrats unveil bill to probe Russia’s role in alleged election hacks
CNN.com – Politics: House Democrats to offer bill on Russia vote hacking
Mother Jones: Democrats Intensify Push for Probe of Russian Meddling in 2016 Campaign
Computeworld Security: Democrats push for probe of Russia’s role in alleged election hacks
FCW: Dems push for Russia hacking investigation
Kyiv Post: Wall Street Journal: Congressional calls grow for a probe of Russian hacking in US election
WSJ.com: Congressional Calls Grow for a Probe of Russian Hacking in U.S. Election
The Hill: Graham says he’ll lead probe of Russian intervention in election
The Verge: Despite everything, Donald Trump still isn’t sure Russia hacked the DNC
The Hill: Trump: Intel agencies blaming Russia for DNC hack was politically driven
Zero Hedge: Lindsey Graham Launches 2 Russian ‘Hacking’ Probes, Demands Trump “Toughen Tone”
CNN.com – Politics: Lindsey Graham, Democrats plan probes of Russia hacking
The Hill: Graham says he’ll lead probe of Russian intervention in election


November 8, 2019
Lorenzo Franceschi-Bicchierai and Joseph Cox / Motherboard

Lorenzo Franceschi-Bicchierai and Joseph Cox / Motherboard  
Alphabet’s Independent Cybersecurity Startup Chronicle is Dead and Now Folded Back Into Google, CEO, CSO Have Left the Company

Chronicle, the independent startup that Google’s parent company Alphabet started in 2018, which was supposed to revolutionize cybersecurity, has been folded back into Google, within its Cloud department. Chronicle’s CEO and chief security officer have already left, and the chief technology officer is leaving later this month, and other employees are looking to go too. Chronicle was founded with the idea of leveraging machine learning and Alphabet’s near-endless well of security telemetry data about known malware and internet infrastructure. The goal was to use these resources to help security teams at companies detect intrusions that could threaten a company’s network.