Search Results for “Sergiu Gatlan”


March 10, 2020
Sergiu Gatlan / Bleeping Computer
New ‘Load Value Injection’ Attack Against Intel Processors Can Allow Attackers to Inject, Steal Data

A new attack technique dubbed LVI (short for Load Value Injection), tracked as CVE-2020-0551 and affecting modern Intel processors, can allow threat actors to inject malicious data into applications via transient-execution attacks and steal sensitive data, according to a group of researchers from Worcester Polytechnic Institute, imec-DistriNet/KU Leuven, Graz University of Technology, University of Michigan, University of Adelaide, and Data61. Bitdefender researchers independently discovered one attack variant in the LVI class (LVI-LFB) and reported it to Intel in February 2020. LVI allows attackers to alter the normal execution of programs in order to steal data such as passwords or private keys that are meant to stay private inside Intel Software Guard eXtensions (SGX) enclaves. The attack, however, is a complex one with several prerequisites, and Intel said it does not believe LVI is a practical method in real-world environments.

Related: ZDNet, Reddit – cybersecurity, Intel, The Hacker News, The Register – Security, SecurityWeek, WCCFtech, Computer Business Review, CRN, TechCrunch, TechJuice, Bitdefender, LVI Attack, Intel

Tweets: @TheHackersNews


March 12, 2020
Sergiu Gatlan / Bleeping Computer
Microsoft Issues Patch for RCE SMBv3 Wormable Bug Leaked Earlier This Week

Microsoft released the KB4551762 security update to patch the pre-auth RCE Windows 10 vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3), two days after leaking the flaw as part of its March 2020 Patch Tuesday releases. The update addresses the vulnerability tracked as CVE-2020-0796 in SMB, “a network communication protocol issue that provides shared access to files, printers, and serial ports,” Microsoft said in its security update. The vulnerability, dubbed SMBGhost or EternalDarkness, only impacts devices running Windows 10, versions 1903 and 1909, and Windows Server Core installations, versions 1903 and 1909.

Related: Sophos News, Heimdal Security Blog, SC Magazine, Computer Business Review, TechNadu, ZDNet Security, Dark Reading, CERT Recently Published Vulnerability Notes, Rapid7, The Hacker News, Microsoft


July 30, 2019
Sergiu Gatlan / Bleeping Computer
New Ransomware Family ‘FileCoder’ Uses SMS Messages to Spread Itself to Android Devices, Promises Free Sex Simulator Online Game

A new ransomware family, dubbed Android/Filecoder.C (FileCoder), targets devices running Android 5.1 and higher and spreads to other victims by sending text messages containing malicious links to the entire contact list found on infected devices, researchers at ESET say. After sending the SMS messages, the ransomware encrypts most files on the user’s phone and demands a ransom in Bitcoin. However, because of the flawed encryption it currently uses, it is possible to decrypt the affected files without any assistance from the attacker. The malware was first spotted on July 12, with the attackers distributing their malicious payload via posts on Reddit and on the XDA Developers mobile software development community. As a lure to install the ransomware, those posts promote the malicious app as a free sex simulator online game.

March 25, 2020
Sergiu Gatlan / Bleeping Computer
General Electric Says Sensitive Data on Current and Former Employees Were Stolen During Breach at Canon Subsidiary

General Electric (GE) disclosed that personally identifiable information of current and former employees, as well as beneficiaries, was exposed in a security incident experienced by one of GE’s service providers, Canon Business Process Services (Canon). One of Canon’s employees had their email account breached by an unauthorized party in February, the company said in a notice of data breach filed with the Office of the California Attorney General. GE also states that the sensitive personal information exposed during the incident was uploaded by or for current and former GE employees, as well as “beneficiaries entitled to benefits in connection with Canon’s workflow routing service.” A wide range of sensitive personal data was exposed during the breach, including not only names, social security numbers, and addresses but also direct deposit forms, driver’s licenses, passports, birth certificates, marriage certificates, death certificates, medical child support orders, tax withholding forms, beneficiary designation forms, applications for benefits such as retirement, and much more. Canon is offering affected individuals two years of identity protection and credit monitoring services through Experian at no cost.

March 27, 2020
Sergiu Gatlan / Bleeping Computer
Unpatched Security Vulnerability in iOS Blocks VPNs From Encrypting All Traffic, Can Lead to Exposure of User Data, IP Address Leaks

ProtonVPN has disclosed that a currently unpatched security vulnerability affecting iOS 13.3.1 or later prevents virtual private networks (VPNs) from encrypting all traffic and can lead to some Internet connections bypassing VPN encryption, exposing users’ data or leaking their IP addresses. Although connections established after the VPN is connected on an iOS device are not affected by this bug, all previously established connections remain outside the VPN’s secure tunnel. “Neither ProtonVPN nor any other VPN service can provide a workaround for this issue because iOS does not permit a VPN app to kill existing network connections,” ProtonVPN said, adding that people in countries where surveillance and civil rights abuses are common are most at risk from the flaw.

Related: iDownloadblog, The Mac Observer, AppleInsider, Privacy Online News, Phone Hacks, ProtonVPN

Tweets: @MiamiTechNews @ProtonVPN


March 30, 2020
Sergiu Gatlan / Bleeping Computer
Zeus Sphinx Banking Trojan Comes Back as Part of Coronavirus-Themed Phishing Campaign

After a three-year hiatus, the Zeus Sphinx banking Trojan (also known as Zloader and Terdot) recently resurfaced as part of a coronavirus-themed phishing campaign, coronavirus being by far the most common theme behind attacks during the current pandemic, IBM X-Force researchers said. This campaign uses phishing emails carrying malicious documents designed to look like documents with information on government relief payments. As in previous campaigns, it focuses on targets who use major banks in the US, Canada, and Australia.

April 2, 2020
Sergiu Gatlan / Bleeping Computer
Hackers Are Brute-Forcing Vulnerable Microsoft SQL Servers to Install Cryptominers, Backdoors in ‘Vollgar’ Campaign

Hackers have been brute-forcing between 2,000 and 3,000 vulnerable Microsoft SQL (MSSQL) servers daily to install cryptominers and remote access Trojans (RATs) since May 2018, researchers at Guardicore report. The campaign has been dubbed Vollgar because the crypto-mining scripts it deploys on compromised MSSQL servers mine for Monero (XMR) and Vollar (VDS) cryptocurrency. The affected MSSQL servers are mostly those with weak credentials. Guardicore therefore advises users not to expose MSSQL database servers to the Internet, and to use segmentation and whitelist access policies so that they are accessible only to specific machines on an organization’s network.

Related: The Hacker News, Security Affairs, CSO Online, Decrypt, GuardiCore

Tweets: @OphirHarpaz


Sergiu Gatlan / Bleeping Computer
Cloudflare Introduces New Privacy-Focused DNS Resolver 1.1.1.1 for Families to Help Safeguard Children’s Online Security and Privacy

Cloudflare introduced a new tool called 1.1.1.1 for Families, which it touts as the easiest way to add a layer of protection to home networks and shield them from malware and adult content. It is a privacy-focused DNS resolver designed to help parents safeguard their children’s online security and privacy by automatically filtering out bad sites. 1.1.1.1 for Families comes with two options: the first automatically blocks malware content only, while the second is designed to prevent both malware and adult content from reaching children while they browse the web.

Related: How-To Geek, The Register – Security, Slashdot, ZDNet, Android Police, BetaNews, SlashGear, gHacks, Cloudflare

Tweets: @Cloudflare


February 5, 2020
Sergiu Gatlan / Bleeping Computer
Google Releases Chrome 80 With 56 Security Fixes, New Secure-by-Default Cookie Classification and Mixed Content Auto-Upgraded to HTTPS

Google released Chrome 80 to the Stable desktop channel for the Windows, macOS, Linux, Chrome OS, iOS, and Android platforms with bug fixes, new features, and 56 security fixes. Among the new features are a secure-by-default cookie classification system, auto-upgraded mixed content, text URL fragments, and SVG favicons. The most noteworthy of the security changes is the secure-by-default system, which treats cookies without a SameSite value as SameSite=Lax cookies. Now only cookies set with SameSite=None; Secure will be available in third-party contexts, and only when accessed over secure connections. Firefox also plans to make this behavior the default in the future. Chrome 80 also auto-upgrades optionally-blockable mixed content (HTTP content on HTTPS sites) by automatically rewriting the URL to HTTPS, without providing an HTTP fallback, and blocks such resources by default if they fail to load over https://.

Sergiu Gatlan / Bleeping Computer
FBI Said a DDoS Attack Targeted a State-Level Voter Registration and Information Site

In a Private Industry Notification (PIN) released today, the Federal Bureau of Investigation (FBI) warned of a potential Distributed Denial of Service (DDoS) attack that targeted a state-level voter registration and information site. The PIN said the website received anomalous Domain Name System (DNS) server requests consistent with a Pseudo-Random Subdomain (PRSD) attack, a type of DDoS attack used by threat actors to disrupt DNS record lookups by flooding a DNS server with large numbers of queries for non-existent subdomains. The state voter registration site was not affected by the attack thanks to properly configured rate limiting on the target’s DNS servers. “The requests occurred over the course of at least one month in intervals of approximately two hours, with request frequency peaking around 200,000 DNS requests during a period of time when less than 15,000 requests were typical for the targeted website,” the FBI said in the PIN. During a sample three-minute window, 24 IP addresses used by recursive DNS servers made 2,121 DNS requests.