Search Results for “Sergiu Gatlan”

June 1, 2020
Sergiu Gatlan / Bleeping Computer

Amtrak Says Unauthorized Party Gained Access to Its Guest Rewards Accounts, Personal Information May Have Been Viewed

In a data breach notice filed with the Office of the Vermont Attorney General, Amtrak said that “On the evening of April 16, 2020, Amtrak determined that an unknown third party gained unauthorized access to certain Amtrak Guest Rewards accounts.” The U.S. railroad transportation company said it had determined that compromised usernames and passwords were used to access certain accounts and that some personal information may have been viewed. No financial data, credit card info, or Social Security numbers were compromised during this incident. Amtrak said it blocked the unauthorized third party from accessing the compromised Amtrak Guest Rewards accounts within a few hours after detecting suspicious activity.

April 6, 2020
Sergiu Gatlan / Bleeping Computer

Interpol Warns That Cybercriminals Are Looking to Lock Hospitals Out of Critical Systems Using Ransomware Despite COVID-19 Crisis

Interpol warns that cybercriminals are increasingly trying to deploy ransomware on hospital networks to lock hospitals out of critical systems despite the ongoing COVID-19 outbreak, even though various ransomware operators claim they will steer clear of healthcare organizations during the crisis. Maze and Ryuk ransomware operators continue to be active in healthcare arenas. At the same time, Russian-speaking threat actors have also attacked two European companies in the pharmaceutical and manufacturing industries in incidents suspected to involve ransomware.

March 10, 2020
Sergiu Gatlan / Bleeping Computer

New ‘Load Value Injection’ Attack Against Intel Processors Can Allow Attackers to Inject, Steal Data

A new attack technique against modern Intel processors, dubbed LVI (short for Load Value Injection) and tracked as CVE-2020-0551, can allow threat actors to inject malicious data into applications via transient-execution attacks and steal sensitive data, according to a group of researchers. The researchers are from Worcester Polytechnic Institute, imec-DistriNet/KU Leuven, Graz University of Technology, University of Michigan, University of Adelaide, and Data61. Bitdefender researchers also independently discovered one attack variant in the LVI class (LVI-LFB) and reported it to Intel in February 2020. LVI allows attackers to change the normal execution of programs to steal data, including sensitive data such as passwords or private keys, that are usually meant to be kept private within Intel’s Software Guard eXtensions (SGX) enclaves. The attack, however, is a complex one entailing several prerequisites. Intel said it does not believe LVI is a practical method in real-world environments.

Related: ZDNet, Reddit – cybersecurity, Intel, The Hacker News, The Register – Security, SecurityWeek, WCCFtech, Computer Business Review, CRN, TechCrunch, TechJuice, Bitdefender, LVI Attack, Intel


March 12, 2020
Sergiu Gatlan / Bleeping Computer

Microsoft Issues Patch for RCE SMBv3 Wormable Bug Leaked Earlier This Week

Microsoft released the KB4551762 security update to patch the pre-auth RCE Windows 10 vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3), two days after leaking the flaw as part of its March 2020 Patch Tuesday releases. The KB4551762 security update for the flaw tracked as CVE-2020-0796 addresses “a network communication protocol issue that provides shared access to files, printers, and serial ports,” Microsoft said in its security update. The vulnerability, dubbed SMBGhost or EternalDarkness, only impacts devices running Windows 10, versions 1903 and 1909, and Windows Server (Server Core installations), versions 1903 and 1909.

Related: Sophos News, Heimdal Security Blog, SC Magazine, Computer Business Review, TechNadu, ZDNet Security, Dark Reading, CERT Recently Published Vulnerability Notes, Rapid7, The Hacker News, Microsoft

March 18, 2020
Sergiu Gatlan / Bleeping Computer

NIST Releases Recommendations to Prevent Eavesdropping, Protect Privacy During Virtual Meetings Necessitated by COVID-19

The US National Institute of Standards and Technology (NIST) recommended several measures that remote workers should take to prevent eavesdropping and protect their privacy during virtual meetings while working from home during the current COVID-19 pandemic. NIST warns that “if virtual meetings are not set up correctly, former coworkers, disgruntled employees, or hackers might be able to eavesdrop.” Among the measures recommended are using conferencing software’s built-in security features, employing multi-factor authentication for meetings, limiting the reuse of meeting access codes, and enabling notifications when attendees join so that those who shouldn’t be attending can be quickly identified, along with a host of other considerations. NIST’s recommendations follow the release of advice from DHS’s Cybersecurity and Infrastructure Security Agency (CISA) on how to secure VPNs.

Related: Infosecurity Magazine, New York Times, Tech Insider, Gadgets Now, CSO Online, Lowyat.NET, The Sun, Trusted Reviews, ZDNet Security, Techradar, TechUK, SANS, BitSight Security Ratings Blog, iPhone Hacks, Business Insider, Carbon Black, Professional Security Magazine, NIST

Infosecurity Magazine: Working from Home Policies and the Future of Cybersecurity – Infosecurity Magazine
New York Times: Ahead of the Pack, How Microsoft Told Workers to Stay Home
Tech Insider: The Big 3 Detroit automakers and the UAW are joining forces to ensure worker safety as coronavirus threatens plant shutdowns (GM, F, FCAU)
Gadgets Now: Hackers eye workers from home in absence of secure networks
Gadgets NDTV: Coronavirus: Hackers Eye Workers From Home in Absence of Secure Networks
CSO Online: 8 key security considerations for protecting remote workers
Lowyat.NET: Working From Home? Here Are 6 Free Collaborative Tools To Help You Out
The Sun: Best apps for working from home and coronavirus self-isolation – Skype, Slack, Zoom, Hangouts, Discord, Trello and more
Trusted Reviews: Top tech hacks when working from home
ZDNet Security: Work from home on the cheap: Build a budget home office for under $300
Techradar: 5 things to consider when building your home office
TechUK: Strengthening cyber security when working from home
SANS: This is BIG – Please Help Secure Orgs Around the World (Literally) Due to COVID-19
BitSight Security Ratings Blog: Novel Coronavirus Brings New Challenges For Security Teams
iPhone Hacks: Apple Employees Struggling to Work from Home Due to the Company’s Tight Secrecy Rules
Business Insider: Apple’s culture of secrecy is making it hard for employees to work remotely during the coronavirus outbreak, report says
Carbon Black: Tips for Securing Remote Workers
Professional Security Magazine: Coronavirus and work from home
NIST: Preventing Eavesdropping and Protecting Privacy on Virtual Meetings

March 25, 2020
Sergiu Gatlan / Bleeping Computer

General Electric Says Sensitive Data on Current and Former Employees Were Stolen During Breach at Canon Subsidiary

General Electric (GE) disclosed that personally identifiable information of current and former employees, as well as beneficiaries, was exposed in a security incident experienced by one of GE’s service providers, Canon Business Process Services (Canon). One of Canon’s employees had their email accounts breached by an unauthorized party in February, the company said in a notice of data breach filed with the Office of the California Attorney General. GE also states that the sensitive personal information exposed during the incident was uploaded by or for current and former GE employees, as well as “beneficiaries entitled to benefits in connection with Canon’s workflow routing service.” A wide range of sensitive personal data was exposed during the breach including not only names, social security numbers, and addresses but also direct deposit forms, driver’s licenses, passports, birth certificates, marriage certificates, death certificates, medical child support orders, tax withholding forms, beneficiary designation forms and applications for benefits such as retirement and much more. Canon is offering identity protection and credit monitoring services to affected individuals for two years at no cost through Experian.

March 27, 2020
Sergiu Gatlan / Bleeping Computer

Unpatched Security Vulnerability in iOS Blocks VPNs From Encrypting All Traffic, Can Lead to Exposure of User Data, IP Address Leaks

ProtonVPN has disclosed that a currently unpatched security vulnerability affecting iOS 13.3.1 or later prevents virtual private networks (VPNs) from encrypting all traffic and can lead to some Internet connections bypassing VPN encryption to expose users’ data or leak their IP addresses. Although connections made after connecting to a VPN on an iOS device are not affected by this bug, all previously established connections will remain outside the VPN’s secure tunnel. “Neither ProtonVPN nor any other VPN service can provide a workaround for this issue because iOS does not permit a VPN app to kill existing network connections,” ProtonVPN said, adding that people in countries where surveillance and civil rights abuses are common are most at risk from the flaw.

Related: iDownloadblog, The Mac Observer, AppleInsider, Privacy Online News, Phone Hacks, ProtonVPN

Tweets: @MiamiTechNews @ProtonVPN

March 30, 2020
Sergiu Gatlan / Bleeping Computer

Zeus Sphinx Banking Trojan Comes Back as Part of Coronavirus-Themed Phishing Campaign

After a three-year hiatus, the Zeus Sphinx banking Trojan (also known as Zloader and Terdot) recently resurfaced as part of a coronavirus-themed phishing campaign, by far the most common theme behind attacks during the current pandemic, IBM X-Force researchers said. This campaign uses phishing emails that come with malicious documents designed to look like documents with information on government relief payments. As is true of previous campaigns, this campaign focuses on targets who use major banks from the US, Canada, and Australia.

April 2, 2020
Sergiu Gatlan / Bleeping Computer

Hackers Are Brute-Forcing Vulnerable Microsoft SQL Servers to Install Cryptominers, Backdoors in ‘Vollgar’ Campaign

Hackers have been brute-forcing between 2,000 and 3,000 vulnerable Microsoft SQL (MSSQL) servers daily to install cryptominers and remote access Trojans (RATs) since May 2018, researchers at Guardicore report. The campaign has been dubbed Vollgar because the crypto-mining scripts it deploys on compromised MSSQL servers mine for Monero (XMR) and Vollar (VDS) cryptocurrency. The affected MSSQL servers are mostly those with weak credentials. Guardicore, therefore, advises users not to expose MSSQL database servers to the Internet, as well as to use segmentation and whitelist access policies to make them accessible only to specific machines on an organization’s network.

Related: The Hacker News, Security Affairs, CSO Online, Decrypt, GuardiCore


Sergiu Gatlan / Bleeping Computer

Cloudflare Introduces New Privacy-Focused DNS Resolver for Families to Help Safeguard Children’s Online Security and Privacy

Cloudflare introduced a new tool called for Families, which it touts as the easiest way to add a layer of protection to home networks and protect them from malware and adult content. It is a privacy-focused DNS resolver designed to help parents in their efforts to safeguard their children’s online security and privacy by automatically filtering out bad sites. for Families comes with two options: the first one will automatically block malware content only, while the second is designed to prevent both malware and adult content from reaching your children while they browse the web.

Related: How-To Geek, The Register – Security, Slashdot, ZDNet, Android Police, BetaNews, SlashGear, gHacks, Cloudflare