Search Results for “Krebs on Security”


March 10, 2020
Brian Krebs / Krebs on Security

Microsoft Issues Fixes for 115 Security Holes Across Various Windows Operating Systems and Associated Software

Microsoft released updates to plug 115 security holes in its various Windows operating systems and associated software, twenty-six of which are rated critical, but none of which are considered zero-day flaws. One flaw fixed this month in Microsoft Word (CVE-2020-0852) could be exploited to execute malicious code on a Windows system just by getting the user to load an email containing a booby-trapped document in the Microsoft Outlook preview panel. Microsoft also fixed a flaw in a new component Microsoft debuted this year called Application Inspector, a source code analyzer designed to help Windows developers identify “interesting” or risky features in open source software (such as the use of cryptography, connections made to a remote entity, etc.).

April 15, 2020
Brian Krebs / Krebs on Security

Microsoft Issues Fixes for 113 Security Vulnerabilities Including Three Zero-Day Flaws Exploited in the Wild, Adobe Issues Skinny Bundle of Updates but None for Flash

In its monthly security fixes collectively known as Patch Tuesday, Microsoft released updates to fix 113 security vulnerabilities across its Windows operating systems and related software, including at least three flaws that are actively being exploited. The three flaws exploited in the wild include CVE-2020-1020, a remotely exploitable bug in the Adobe Font Manager library that was first detailed in late March. The Adobe Font Manager library is the source of yet another zero-day flaw, CVE-2020-0938. The final zero-day flaw fixed is a slightly less dangerous elevation of privilege vulnerability (CVE-2020-1027) affecting Windows 7 and Windows 10 systems. Adobe issued a skinny bundle of updates for ColdFusion, Adobe After Effects, and Adobe Digital Editions, although there were no fixes for its usually problematic Flash player.

Related: Appuals.com, Petri, Threatpost, Talos Intel, BleepingComputer.com, SANS, The Register – Security, ZDNet Security, SC Magazine, SC Magazine, Sophos News, Tenable Blog, Rapid7, gHacks, BleepingComputer.com, The Hacker News


March 10, 2020
Brian Krebs / Krebs on Security

FBI Arrested Russian Security Researcher for Running deer.io, a Shopify-Like Marketplace for Stolen Online Service Account Credentials

The FBI arrested Russian computer security researcher Kirill V. Firsov on March 7 at New York’s John F. Kennedy Airport on suspicion of operating deer.io, a vast Shopify-like marketplace for buying and selling stolen account credentials for thousands of popular online services and stores. Prosecutors with the U.S. District Court for the Southern District of California allege Firsov was the administrator of deer.io, an online platform that hosted more than 24,000 shops for selling stolen or hacked usernames and passwords for a variety of top online destinations. The indictment says Firsov is responsible for $17 million worth of stolen credential sales since its inception in 2013. Firsov is slated to be arraigned later this week, when he will face two felony counts: aiding and abetting the unauthorized solicitation of access devices, and aiding and abetting trafficking in “false authentication features.”

April 3, 2020
Brian Krebs / Krebs on Security

New Automated Zoom Meeting Discovery Tool ‘zWarDial’ Shows Many Zoom Meetings Are Unprotected by Passwords as FBI Issues Warning of ‘Zoombombing’

According to data gathered by a new automated Zoom meeting discovery tool dubbed “zWarDial,” a substantial number of meetings at major corporations are not being protected by a password, which could lead to those meetings being “Zoom bombed” or eavesdropped upon. Each Zoom conference call is assigned a Meeting ID that consists of 9 to 11 digits. Naturally, hackers have figured out they can simply guess or automate the guessing of random IDs within that space of digits. The incidence of Zoombombing has reached such a peak that the FBI issued a warning earlier this week about the problem and offered guidance on how to keep meetings secure.

Related: TechBeacon, Thomas Brewster – Forbes, Slashdot, iTnews – Security, USA Today, bobsullivan.net, MacRumors, The Register – Motley Fool, Techerati, ExtremeTech, Fortune, MarketWatch.com – Software Industry News, E-Commerce Times, The Guardian, BGR, CNN.com, WashingtonExaminer.com, Pocket-lint, The Verge, HealthITSecurity, SecurityWeek, iTnews – Security, SiliconANGLE, channelnews, Blog – Wordfence, FOX News, Big News Network, Inverse, Slashdot, The Verge, The Hill, Futurism, Rapid7, Motley Fool, rthk.hk Local, Mashable, Inverse, EFF, ExtremeTech, Verdict, Popular Science, Heavy.com, The Sun, TechTarget, The Sun, New Zealand Herald – Top Stories, Android Central, Tech Insider, Vox

Tweets: @iblametom

TechBeacon: Zoom: Just one click, and privacy went ‘boom’
Thomas Brewster – Forbes: Why Zoom Really Needs Better Privacy: $1.3 Million Orders Show The US Government’s COVID-19 Response Is Now Relying On It
Slashdot: SpaceX Bans Zoom Over Privacy Concerns
iTnews – Security: Musk’s SpaceX bans Zoom over privacy and security concerns
USA Today: Do these things to keep hackers out of your Zoom calls
bobsullivan.net: As Zoom use explodes, so do Zoom problems. Here’s my security checklist
MacRumors: Zoom Updates Mac App Installer to Remove Controversial ‘Preflight’ Installation Method
Cyber News Group: Zoom now being sued through sharing personal data – UK government, however, defends its use
The Register – Security: Yeah, that Zoom app you’re trusting with work chatter? It lives with ‘vampires feeding on the blood of human data’
Heimdal Security: SECURITY ALERT: Zoom Under Scrutiny in Wake of UNC Patch Injection Issue Disclosure
Reddit – cybersecurity: Zoom has another security flaw. ‘Researchers at a company called Bleeping Computer have exposed another security flaw with the conferencing application Zoom—one that allows hackers to steal user passwords.’
US-CERT Current Activity: FBI Releases Guidance on Defending Against VTC Hijacking and Zoom-bombing
Infosecurity.US: The Continuing ZOOM Security Fails: A Litany Of Security Incompetence
Cult of Mac: 5 Zoom alternatives to keep you connected during COVID-19 crisis
Verdict: Zoom unveils 90-day plan to rebuild reputation
Motley Fool: Zoom Freezes All New Feature Rollouts to Shift Resources Toward Privacy and Safety
Techerati: Zoom halts development to plug security holes
ExtremeTech: Zoom Removes Tool That Secretly Displayed Your LinkedIn Data
Fortune: Zoom meetings keep getting hacked. Here’s how to prevent ‘Zoom bombing’ on your video chats
MarketWatch.com – Software Industry News: Zoom Video lurches from boom to backlash amid privacy issues, ‘Zoom bombing’ attacks
E-Commerce Times: Zoom’s Soaring Popularity Is a Double-Edged Sword
The Guardian: ‘Zoom is malware’: why experts worry about the video conferencing platform
BGR: Zoom responds to backlash over privacy concerns
CNN.com: Zoom CEO apologizes for having ‘fallen short’ on privacy and security
WashingtonExaminer.com: ‘Zoom-bombing’ and privacy flaws plague app that has become immensely popular during coronavirus outbreak
Pocket-lint: Zoom pauses new features to focus on security as users grow 20x in three months
The Verge: Zoom quickly fixes ‘malware-like’ macOS installer with new update
HealthITSecurity: Zoom to Halt Feature Development to Bolster Privacy, Security for COVID-19
SecurityWeek: Zoom’s Security and Privacy Woes Violated GDPR, Expert Says
SiliconANGLE: Zoom CEO ‘deeply sorry’ after privacy issues, promises improvements
channelnews: Zoom Slammed Over Security Issues & China Server
Blog – Wordfence: Safety and Security While Video Conferencing with Zoom
FOX News: SpaceX bans its employees using Zoom over privacy concerns, report says
Big News Network: Elon Musk’s SpaceX bans Zoom over privacy concerns
Inverse: SpaceX drops Zoom due to ‘significant’ privacy concerns
The Verge: Zoom has disabled a feature that was exposing users’ LinkedIn profiles
The Hill: Zoom CEO says company reached 200 million daily users in March
Futurism: Experts Warn That Hackers Can Use Zoom to Take Over Your Computer
Rapid7: Dispelling Zoom Bugbears: What You Need to Know About the Latest Zoom Vulnerabilities
Motley Fool: Why Zoom Video Communications Stock Fell Today
rthk.hk Local: Privacy chief warns of video conference risks
Mashable: Zoom was secretly mining LinkedIn data and sharing it with some users
EFF: Harden Your Zoom Settings to Protect Your Privacy and Avoid Trolls
Popular Science: Check these privacy and security settings before your next Zoom video chat
Heavy.com: Zoom Bombing: 5 Fast Facts You Need to Know
The Sun: Zoom chat app says 200MILLION people are using it every DAY as coronavirus crisis forces world into lockdown
TechTarget: Risk & Repeat: Zoom security comes under fire
New Zealand Herald – Top Stories: Zoom boss ‘deeply sorry’ over security claims, expert unconvinced
Android Central: If you’re fed up with Zoom’s shenanigans, here’s how to delete your account
Tech Insider: Protect your Zoom meetings with a password now — otherwise, you’re leaving the door wide open for hackers to ‘Zoom-bomb’
Vox: Zoom’s sudden spike in popularity is revealing its privacy (and porn) problems

@iblametom: New - Guess who spent over $1 million on Zoom tech in just a few days? CDC, FEMA and NIH. As in all the US gov bodies responding to the coronavirus crisis. This is where Zoom security and privacy needs to be much better.


May 12, 2020
Brian Krebs / Krebs on Security

Microsoft Issues 111 Software Updates for Windows, Windows-Based Programs, Adobe Releases Two Dozen Patches for Acrobat and Reader

Microsoft issued software updates to plug at least 111 security holes in Windows and Windows-based programs, the third month in a row that Microsoft has pushed out patches for more than 110 flaws. Sixteen of the bugs are labeled critical, but virtually all of the non-critical flaws in this month’s batch earned Microsoft’s “Important” rating. Adobe also issued its Patch Tuesday updates for some of its products. An update for Adobe Acrobat and Reader covers two dozen critical and important vulnerabilities, but once again, there were no security fixes for Adobe’s problematic Flash player.

Related: Qualys Blog, The State of Security, Tenable Blog, Talos Intel, ZDNet Security, WCCFtech, BleepingComputer.com, Rapid7, SC Magazine, Dark Reading: Threat Intelligence, Cyberscoop, gHacks, The Zero Day Initiative

Tweets: @briankrebs @thezdi @campuscodi

Qualys Blog: May 2020 Patch Tuesday – 111 Vulns, 16 Critical, SharePoint, VS Code, Adobe Patches
The State of Security: VERT Threat Alert: May 2020 Patch Tuesday Analysis
Tenable Blog: Microsoft’s May 2020 Patch Tuesday Addresses 111 CVEs
Talos Intel: Microsoft Patch Tuesday — May 2020: Vulnerability disclosures and Snort coverage
ZDNet Security: Microsoft May 2020 Patch Tuesday fixes 111 vulnerabilities
WCCFtech: Patch Tuesday Brings Windows 10 Cumulative Updates for All Versions of the OS
BleepingComputer.com: Windows 10 Cumulative Updates KB4556799 & KB4551853 Released
Rapid7: Patch Tuesday – May 2020
SC Magazine: Microsoft again surpasses 100 vulnerabilities on Patch Tuesday | SC Media
Dark Reading: Threat Intelligence: Microsoft Fixes 111 Vulnerabilities for Patch Tuesday
Cyberscoop: Microsoft’s May ‘Patch Tuesday’ remedies 111 vulnerabilities
gHacks: Microsoft Windows Security Updates May 2020 overview
The Zero Day Initiative: The May 2020 Security Update Review

@briankrebs: It's Patch Tuesday, peeps! This means all you MS Windows (ab)users should soon see prompts to restart your PC and install updates. Back up your data/system first, please! Microsoft fixed 111 flaws in Windows software. Also, updates for Adobe Reader/Acrobat https://krebsonsecurity.com/2020/05/micros
@thezdi: It's the 2nd Tuesday of the month, which means the latest #security patches from #Adobe and #Microsoft are here. Join @dustin_childs as he breaks down the details of another large release. https://bit.ly/3bsYQWx #PatchTuesday
@campuscodi: Microsoft May 2020 Patch Tuesday started rolling out earlier today -This month, Microsoft fixed 111 vulnerabilities - No zero-days this time - 3rd largest PT in MSFT's history https://zdnet.com/article/micros


May 6, 2020
Brian Krebs / Krebs on Security

Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware Attack, Snake Ransomware Indicated

Against a backdrop of increasing attacks against healthcare providers during the coronavirus pandemic, Europe’s largest private hospital operator, Fresenius, which is also a significant provider of dialysis products and services currently in high demand, has been hit in a ransomware attack. The company said the attack had forced the shutdown of some systems, but that patient care remains unaffected. One employee said, though, that the attack had affected every part of the company’s operations around the globe and that the malware used was the Snake ransomware, a relatively new strain first detailed earlier this year. The company confirmed the attack but declined to answer questions about specific aspects of it.

May 27, 2020
Brian Krebs / Krebs on Security

Romanian ATM Skimming Group in Mexico Has Been Protected by Senior Government Attorney, Complaint Alleges

A group of Romanians operating an ATM company in Mexico suspected of bribing technicians to install sophisticated Bluetooth-based skimmers in cash machines has enjoyed legal protection from a senior anti-corruption official in the Mexican attorney general’s office, according to a new complaint filed with the government’s internal affairs division. The complaint centers on Camilo Constantino Rivera, who heads the unit in the Mexican Special Prosecutor’s office responsible for fighting corruption, and alleges that his brother has served as a security escort and lawyer for Florian Tudor, the reputed boss of a Romanian crime syndicate recently targeted by the FBI for running an ATM skimming and human trafficking network that operates throughout Mexico and the United States. As a side note, a text exchange seems to indicate Tudor’s group contemplated taking out a hit on the life of Brian Krebs for uncovering their operation in a 2015 investigation.

May 19, 2020
Brian Krebs / Krebs on Security

Cybercriminals on the Dark Web Are Running Vulnerability Testing Services to Help Malware Authors Find and Fix Flaws in Their Code

Cybercriminals on the dark web, such as one called RedBear, the administrator of a Russian-language security site called Krober[.]biz, operate malware testing services to help malware authors, and those who lease or buy malware services, find and fix the flaws in their code. Among the malware types reviewed for flaws by these services are bot admin panels, code injection panels, shell control panels, payment card sniffers, traffic direction services, exchange services, spamming software, doorway generators, and scam pages. Among the high-profile malicious tools examined for flaws by RedBear are the Black Energy DDoS bot administration panel; malware loading panels tied to the Smoke and Andromeda bot loaders; the RMS and Spyadmin trojans; and a popular loan scam script.

May 16, 2020
Brian Krebs / Krebs on Security

Fraudsters Are Stealing Potentially Hundreds of Millions From State Unemployment Programs

A sophisticated Nigerian crime ring is exploiting multiple state unemployment insurance programs at a time when they are under tremendous strain, committing fraud and stealing potentially hundreds of millions of dollars earmarked for averting an economic collapse, according to a new alert issued by the U.S. Secret Service. The crime ring has been filing unemployment claims in different states using Social Security numbers and other personally identifiable information (PII) belonging to identity theft victims, and “a substantial amount of the fraudulent benefits submitted have used PII from first responders, government personnel and school employees,” a memo from the Secret Service says. “The primary state targeted so far is Washington, although there is also evidence of attacks in North Carolina, Massachusetts, Rhode Island, Oklahoma, Wyoming, and Florida,” according to the memo. Many states don’t have enough controls in place to detect patterns that might help better screen out fraudulent unemployment applications, experts say.

March 20, 2020
Brian Krebs / Krebs on Security

New Variant of Mirai Botnet Malware Exploits Previously Patched Zero-Day Flaw in Zyxel’s Routers, VPN Firewalls and NAS Devices

Researchers at Palo Alto Networks have spotted a zero-day vulnerability in Taiwanese vendor Zyxel’s routers and VPN firewall products, which was fixed by the manufacturer, being exploited by a new variant of Mirai, a malware strain that targets vulnerable Internet of Things (IoT) devices for use in large-scale attacks and as proxies for other cybercrime activity. The experts at Palo Alto Networks’s Unit 42 said that their sensors detected the new Mirai variant, dubbed Mukashi, on March 12. This new strain targets CVE-2020-9054, a critical flaw that exists in many VPN firewalls and network-attached storage (NAS) devices made by Zyxel, which boasts around 100 million devices deployed worldwide. IoT systems infected by Mukashi report back to a control server, which can be used to issue new instructions such as downloading additional software or launching distributed denial of service (DDoS) attacks. Zyxel issued a patch for the flaw on February 24, but the update did not fix the problem on many older Zyxel devices, which are no longer being supported by the company. Zyxel said those devices should be disconnected from the internet.

Related: Threatpost, ZDNet, ComputerWeekly: IT security, Unit42 Palo Alto Networks, Ars Technica, Reddit – cybersecurity, TechTarget, Security Affairs