Search Results for “ZDNet”

June 15, 2020
Catalin Cimpanu / ZDNet

Intel Includes Malware-Thwarting Technology CET in Tiger Lake Mobile CPUs

Intel announced that its experimental Control-flow Enforcement Technology (CET) security feature, which has been in the works since 2016, would first be made available in the company’s upcoming Tiger Lake mobile CPUs. CET guards against malware by protecting the control flow via two new security mechanisms, shadow stack and indirect branch tracking. CET has launched for Intel’s line of mobile CPUs that use the Tiger Lake microarchitecture, but the technology will also be available in desktop and server platforms, according to the company.

Related: Slashdot, Ars Technica, SecurityWeek, SiliconANGLE, Business Wire Technology News, Dark Reading: Vulnerabilities / Threats, ZDNet, Techradar, Bleeping Computer, The Register – Security, Threatpost, AndroidRookies, Techradar

June 18, 2020
Catalin Cimpanu / ZDNet

Large Majority of Netgear Router Models Are Vulnerable to Severe Security Flaw That Allows Remote Take-Overs by Hackers

A large majority, 79%, of Netgear router models are vulnerable to a severe security flaw that can let hackers take over devices remotely, two security researchers discovered: Adam Nichols from cyber-security firm GRIMM and a researcher going by the nickname d4rkn3ss, who works for Vietnamese internet service provider VNPT. The vulnerability impacts 758 different firmware versions that have been used on 79 Netgear routers across the years, with some firmware versions first deployed on devices released as far back as 2007.

Related: Reddit – cybersecurity, News Tom’s Guide, Cyberscoop, Security Affairs, Grimm, Zero-Day Initiative

Tweets: @campuscodi @snd_wagenseil

June 25, 2020
Catalin Cimpanu / ZDNet

FBI Warns K12 Schools About Increase of Ransomware Attacks During Pandemic, Particularly Ransomware That Abuses RDP Connections

The US Federal Bureau of Investigation (FBI) sent out a security alert called a Private Industry Notification or PIN to K12 schools about the increase in ransomware attacks during the coronavirus (COVID-19) pandemic. The alert warned in particular about ransomware gangs that abuse RDP (remote desktop protocol) connections to break into school systems. The PIN said that “cyber actors are likely to increase targeting of K-12 schools during the COVID-19 pandemic because they represent an opportunistic target as more of these institutions transition to distance learning.” The Bureau said that 1,233 K12 schools were potentially targeted in 2019, with another 422 schools targeted in Q1 2020 alone.

June 27, 2020
Catalin Cimpanu / ZDNet

Apple Announces Support for Encrypted DNS Communications in Upcoming Versions of iOS and macOS

Apple announced that the upcoming versions of its iOS and macOS operating systems would support encrypted DNS communications. Apple said that iOS 14 and macOS 11, set to be released this fall, will support both the DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) protocols. DoH and DoT allow a desktop, phone, or individual app to make DNS queries and receive DNS responses in an encrypted format, thus preventing third parties and malicious threat actors from tracking a user’s DNS queries and inferring the user’s web traffic destinations and patterns.

Related: The Register, Android Authority, Slashdot, The Mac Observer, Appauls, iPhone Hacks

June 29, 2020
Catalin Cimpanu / ZDNet

Apple Forced Certificate Authorities to Accept New Default Lifespan of 398 Days for TLS Certificates

A move by Apple in February to enforce 398-day TLS certificate lifespans on its devices, regardless of what certificate authorities in the industry-leading CA/B Forum thought of the issue, has forced the certificate authority industry to accept a new default lifespan of 398 days for TLS certificates. Following Apple’s decision, Mozilla and Google have stated similar intentions to implement the same rule in their browsers. TLS lifespans started at eight years, and through the years, browser makers have chipped away at it, bringing it down to five, then to three, and then to two. Now, starting September 1, the default lifespan drops to 398 days.

Catalin Cimpanu / ZDNet

Apple Declines to Implement Sixteen New Web APIs Because They Could Allow Advertisers, Analytics Firms to Fingerprint Users and Devices

Apple said this week that it declined to implement 16 new web technologies (Web APIs) in Safari because they posed a threat to user privacy by allowing online advertisers and data analytics firms to create scripts that fingerprint users and their devices. The technologies, almost all of which are implemented in Chromium browsers only, include Web Bluetooth, Web MIDI API, Magnetometer API, Web NFC API, Device Memory API, Network Information API, Battery Status API, Web Bluetooth Scanning, Ambient Light Sensor, HDCP Policy Check extension for EME, Proximity Sensor, WebHID, Serial API, Web USB, Geolocation Sensor, and User Idle Detection.

June 30, 2020
Catalin Cimpanu / ZDNet

New Ransomware Strain Targeting macOS Users ‘EvilQuest’ Can Give Attacker Full Control Over Infected Host

A new ransomware strain targeting macOS users, named OSX.EvilQuest, differs from previous macOS ransomware threats because, besides encrypting the victim’s files, it also installs a keylogger and a reverse shell and steals cryptocurrency wallet-related files from infected hosts. With these capabilities, an attacker can maintain full control over an infected host. Some evidence indicates that EvilQuest has been distributed in the wild since the start of June 2020. Some researchers have found EvilQuest hidden inside pirated macOS software uploaded to torrent portals and online forums. Patrick Wardle of Objective-See, who has created several open-source macOS security tools, said that a tool he released in 2016, named RansomWhere, can detect and stop EvilQuest from running. Thomas Reed of Malwarebytes said that Malwarebytes for Mac was also updated to detect and stop this ransomware before it does any damage.

Related: AppleInsider, Objective-See, Malwarebytes, MacRumors, Six Colors, Anomali Blog, AndroidRookies, MSSP Alert, Threatpost, The Hacker News, Bleeping Computer

Tweets: @dineshdina04 @campuscodi @campuscodi @campuscodi @objective_see

AppleInsider: New ‘EvilQuest’ ransomware is actively targeting macOS users in the wild
Objective-See: OSX.EvilQuest Uncovered
Malwarebytes: New Mac ransomware spreading through piracy
MacRumors: New Mac Ransomware Found in Pirated Mac Apps
Six Colors: New Mac ransomware spreading via piracy?
Anomali Blog: Weekly Threat Briefing: Backdoors, Magecart, Spearphishing, Ransomware and More
AndroidRookies: New EvilQuest Ransomware targets macOS powered Apple PC/laptops
MSSP Alert: Apple Mac Ransomware: EvilQuest Variant Surfaces
Threatpost: EvilQuest Mac Ransomware Has Keylogger, Crypto Wallet-Stealing Abilities
‘EvilQuest’ Mac ransomware spreading through pirated Mac apps
Ransomware Targets Mac Users
The Hacker News: A New Ransomware Targeting Apple macOS Users Through Pirated Apps
Bleeping Computer: EvilQuest wiper uses ransomware cover to steal files from Macs

@dineshdina04: #macOS #ransomware impersonating as Google Software Update program with zero detection. MD5: 522962021E383C44AFBD0BC788CF6DA3 6D1A07F57DA74F474B050228C6422790 98638D7CD7FE750B6EAB5B46FF102ABD @philofishal @patrickwardle @thomasareed
@campuscodi: NEW: Security researchers have discovered a new macOS ransomware this week Name: OSX.EvilQuest Distributed: Pirated software on torrent portals/forums Encryption: Still under analysis, might be cracked
@campuscodi: Analysis of this new threat is now pouring in. There's an Objective-See blog post and Malwarebytes has published an analysis too. SentinelOne is also working on one, as there's a lot of weird stuff inside this ransomware.
@campuscodi: The most interesting part about EvilQuest is that the ransomware tries (and fails) to modify files used by the Chrome updater and use them as a boot persistence mechanism.
@objective_see: 📝 New Blog Post: "OSX.EvilQuest Uncovered" A new piece of 🍎 malware: 🔐 ransoms your files 📡 pops a reverse shell ⌨️ steals your keystrokes ⚙️ executes in-memory payloads ...but our (free) tools thwart it w/ no a priori knowledge! H/T @dineshdina04

May 26, 2020
Catalin Cimpanu / ZDNet

New Attacks by Russian State-Sponsored Hacking Group Turla Use Updated Version of ComRAT Malware Capable of Exfiltrating Antivirus Logs, Controlling Malware Using Arbitrary Gmail Inbox

New attacks carried out by Turla, one of Russia’s most advanced state-sponsored hacking groups, targeted a national parliament in the Caucasus and two Ministries of Foreign Affairs in Eastern Europe, researchers at ESET report. The attacks took place in January 2020 and represent the continuation of the group’s campaigns against diplomatic and military entities. The attacks stand out because they used updated versions of the ComRAT malware, also known as Agent.BTZ, one of Turla’s oldest weapons. This updated version, known as ComRAT v4, includes two new features: the ability to exfiltrate antivirus logs and the ability to control the malware using attachments sent to an arbitrary Gmail inbox. Despite the changes, the malware is still primarily used as a second-stage payload on already infected hosts.

Related: SC Magazine, Bleeping Computer, The Hacker News, We Live Security

Tweets: @campuscodi @BleepinComputer @TheHackersNews

May 15, 2020
Catalin Cimpanu / ZDNet

Russian Hacking Group Turla Uses New Version of COMpfun Malware That Relies on HTTP Status Codes to Target Diplomatic Groups Across Europe

Security researchers from Kaspersky have identified a new version of the COMpfun malware from the Russian hacking group Turla that controls infected hosts using a mechanism that relies on HTTP status codes. The attack has been deployed against diplomatic groups across Europe by the state-sponsored actor, which has a history of using innovative techniques. COMpfun is a classic remote access trojan (RAT) that infects victims and then collects system data, logs keystrokes, and takes screenshots of the user’s desktop. All collected data is exfiltrated to a remote C&C server. Besides the new HTTP status code mechanism, the version used by Turla also adds the ability to monitor for USB removable devices being connected to an infected host and then propagate itself to the new device.

Related: Threatpost

Tweets: @campuscodi @campuscodi

April 14, 2020
Catalin Cimpanu / ZDNet

Dell Releases Free Security Tool to Detect Attacks Attempting to Modify Machine’s BIOS Component

Computer giant Dell released a new security tool, called Dell SafeBIOS Events & Indicators of Attack, that detects attacks attempting to modify a computer’s BIOS component. The goal is to give system administrators the ability to isolate workstations that may have been compromised and set them aside for remediation. The tool will be provided for free to all of Dell’s enterprise customers and has already been made available for download as part of the Dell Trusted Device solution.