Search Results for “Wired”


May 31, 2019
Andy Greenberg / Wired
Microsoft Warns Users Yet Again to Patch BlueKeep Wormable Bug as More Proof-of-Concepts Float Around

The BlueKeep bug (CVE-2019-0708), a pre-authentication vulnerability in Microsoft’s Remote Desktop Protocol (RDP) that affects Windows 7 and earlier as well as older versions of Windows Server, is dangerously close to becoming a self-propagating worm. Microsoft has warned companies a second time to patch their older systems even as nearly a million Internet-facing PCs remain susceptible, and proofs of concept for the flaw have begun circulating online. Zerodium, a firm that buys and sells hacking tools, boasted that it had confirmed exploitability within one day of Microsoft’s announcement, and security firm McAfee has confirmed that it developed a full exploit for BlueKeep. Security researcher Marcus Hutchins, who gained fame for identifying the “kill switch” in the WannaCry worm, says he was able to develop his own remote code execution (RCE) exploit for BlueKeep in about a week of full-time work, but so far only for Windows XP. Beyond installing the May update, Microsoft’s advisory recommends enabling Network Level Authentication, which forces a user to authenticate before the vulnerable pre-authentication code path is reachable, and blocking TCP port 3389 at the network perimeter.

Related: PCMag.com, SPAMfighter News, DataBreachToday.com, TechCrunch, ZDNet Security, CTOvision.com, Reddit-hacking, SecurityWeek, BleepingComputer.com, TechNet Blogs, The Register – Security, MobileSyrup.com, ExtremeTech, HotHardware.com, Ars Technica, Security Affairs, Talos Blog, Cisco Blog, GBHackers On Security, Rapid7, MalwareTech

Tweets: @maryjofoley, @campuscodi, @Raj_Samani, @a_greenberg, @zackwhittaker, @dangoodin001, @ankit_anubhav, @MalwareTechBlog

PCMag.com: 1 Million Windows Systems Remain Vulnerable to ‘Wormable’ Flaw
SPAMfighter News: A million PCs susceptible to BlueKeep vulnerability of Microsoft
DataBreachToday.com: Microsoft Sounds Second Alarm Over BlueKeep Vulnerability
TechCrunch: Microsoft warns users to patch as exploits for ‘wormable’ BlueKeep bug appear
ZDNet Security: Microsoft issues second warning about patching BlueKeep as PoC code goes public
CTOvision.com: Microsoft issues second warning about patching BlueKeep as PoC code goes public
Reddit-hacking: Almost one million Windows systems vulnerable to BlueKeep (CVE-2019-0708)
SecurityWeek: Microsoft Reminds Users to Patch Wormable ‘BlueKeep’ Vulnerability
BleepingComputer.com: Microsoft Warns Users Again to Patch Wormable BlueKeep Flaw
TechNet Blogs: A Reminder to Update Your Systems to Prevent a Worm
The Register – Security: Two weeks after Microsoft warned of Windows RDP worms, a million internet-facing boxes still vulnerable
@campuscodi: Microsoft issues second warning about patching BlueKeep as PoC code goes public https://t.co/I61CKkA6Wm https://t.co/BHwPO2HyZK
@maryjofoley: ICYMI: Microsoft issues second warning about patching older Windows systems against RDP/ BlueKeep vulnerability: https://www.zdnet.com/article/microsoft-issues-second-warning-about-patching-bluekeep-as-poc-code-goes-public/ … (by ZDNet’s @campuscodi)
@Raj_Samani: At the current rate of patching for #BlueKeep “it would take ten years for all the remaining vulnerable machines to be patched.” https://www.wired.com/story/microsoft-bluekeep-patched-too-slow/ … #cybersecurity #infosec
@a_greenberg: When @ErrataRob scanned for machines left unpatched against BlueKeep Monday, he found 923,000. 48 hours later, found that only a thousand of those had been patched. At that rate, the vast majority of these computers won’t be patched before a worm hits.
@zackwhittaker: Microsoft is “confident” exploits exist for the wormable BlueKeep attack and is urging users to patch their systems to prevent another WannaCry-style ransomware attack.
@dangoodin001: Microsoft says it’s confident an exploit exists for wormable BlueKeep flaw
@ankit_anubhav: Seems that #BlueKeep CVE-2019-0708 code is now also on @ExploitDB EDB 46946 https://www.exploit-db.com/exploits/46946
@MalwareTechBlog: Analysis of CVE-2019-0708 (BlueKeep) 
GBHackers On Security: Microsoft Warned Second Time to Update Windows for Bluekeep RDP Flaw – Exploits Already Available in Hackers Hand
Rapid7: Metasploit Wrap-Up
MalwareTech: Analysis of CVE-2019-0708 (BlueKeep)


June 17, 2019
Andy Greenberg / Wired
Cellebrite Unveils New Version of Its iOS Phone Unlocking Device, UFED Premium, as Competition to Sell Cracking Technology to Police Heats Up

Israeli forensics firm and law enforcement contractor Cellebrite has publicly announced a new version of its Universal Forensic Extraction Device (UFED), called UFED Premium, which the company says can unlock any iOS device for police. Cellebrite says UFED Premium can also extract files from many recent Android phones, including the Samsung Galaxy S9. The unusually public marketing of this capability may reflect heated competition among phone-cracking vendors, including rivals NSO Group and Grayshift, vying for market share among police agencies. Like Grayshift’s GrayKey, UFED Premium will be sold as an “on-premises” tool, so police buy the device and run it themselves, a model that puts the exploit-bearing hardware in many more hands, with a correspondingly greater risk that the unlocking techniques leak.

Related: HotHardware.com, Digital Trends, iPhone Hacks, iClarified, Techradar, IT Wire, Cult of Mac, Phone Arena, Apple Insider, Cellebrite


June 18, 2019
Lily Hay Newman / Wired
MongoDB Unveils Field Level Encryption Scheme Aimed at Reducing Data Breaches and Exposures

Database giant MongoDB has unveiled a new encryption scheme, called Field Level Encryption, aimed at reducing data breaches and exposures. It works much like end-to-end encrypted messaging: selected sensitive fields are encrypted and decrypted inside the client application (the database driver) before the data ever leaves it, using keys that only the client holds, so the database server stores and returns nothing but ciphertext for those fields. Reading the data requires both a normal database login and access to the relevant field keys, and decryption happens locally on the client. MongoDB itself and the cloud providers hosting a database won’t be able to access the customers’ data, and neither will database administrators or remote managers. End users can still be hacked and have their data exposed, but an attacker who steals an administrative username and password, or finds a software vulnerability that gives them access to the server, gets only unreadable ciphertext from the protected fields. The trade-off is that the server can do very little with an encrypted field: it can match exact values only if the field was encrypted deterministically, and it cannot run range or substring queries on it at all.
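The following is an added illustration of the client-side pattern described above, written for this page; it is not MongoDB’s driver code and does not use MongoDB’s actual algorithms (MongoDB’s own scheme uses an AES-CBC/HMAC construction and a key vault wrapped by a KMS master key, both assumed away here). It shows the two modes a practitioner has to choose between: randomized encryption, which hides everything but cannot be queried, and deterministic encryption, which lets the server answer equality queries without a key at the cost of revealing which documents share a value. The sample record and field names are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// FieldCipher is the client-side half: it holds the data-encryption key and is
// the only party that ever sees plaintext. (A real deployment would keep this
// key wrapped by a KMS master key; that round-trip is assumed away here.)
type FieldCipher struct {
	aead   cipher.AEAD
	macKey []byte // subkey used only to derive deterministic nonces
}

func NewFieldCipher(dataKey []byte) (*FieldCipher, error) {
	if len(dataKey) != 32 {
		return nil, errors.New("data key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	kdf := hmac.New(sha256.New, dataKey)
	kdf.Write([]byte("fle/deterministic-nonce-subkey"))
	return &FieldCipher{aead: aead, macKey: kdf.Sum(nil)}, nil
}

// NewRandomKey returns a fresh 256-bit data-encryption key.
func NewRandomKey() []byte {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

// seal prepends the nonce and binds the field name as associated data, so a
// ciphertext moved from one field to another will not decrypt.
func (c *FieldCipher) seal(nonce []byte, field string, pt []byte) []byte {
	return c.aead.Seal(append([]byte{}, nonce...), nonce, pt, []byte(field))
}

// EncryptRandom draws a fresh nonce per call, so equal values give unequal
// ciphertexts; use it for fields that are never queried by value.
func (c *FieldCipher) EncryptRandom(field string, pt []byte) ([]byte, error) {
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return c.seal(nonce, field, pt), nil
}

// EncryptDeterministic derives the nonce from HMAC(macKey, field||0||value), so
// one value in one field always encrypts to the same bytes and the server can
// answer equality queries without a key. This is a simplified illustration, not
// MongoDB's own construction; it leaks which documents share a value, no more.
func (c *FieldCipher) EncryptDeterministic(field string, pt []byte) []byte {
	mac := hmac.New(sha256.New, c.macKey)
	mac.Write(append(append([]byte(field), 0), pt...)) // 0 separates name from value
	return c.seal(mac.Sum(nil)[:c.aead.NonceSize()], field, pt)
}

// Decrypt reverses either mode and fails on a wrong key, a modified ciphertext,
// or a ciphertext presented under the wrong field name.
func (c *FieldCipher) Decrypt(field string, ct []byte) ([]byte, error) {
	n := c.aead.NonceSize()
	if len(ct) < n+c.aead.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	return c.aead.Open(nil, ct[:n], ct[n:], []byte(field))
}

func main() {
	client, _ := NewFieldCipher(NewRandomKey())
	ssn, notes := []byte("123-45-6789"), []byte("allergic to penicillin") // constructed sample
	encNotes, _ := client.EncryptRandom("notes", notes)
	doc := map[string][]byte{"ssn": client.EncryptDeterministic("ssn", ssn), "notes": encNotes}
	// What the server, the cloud operator, or a DBA holding a stolen credential sees:
	fmt.Printf("server view: ssn=%x notes=%x\n", doc["ssn"], doc["notes"])
	// The server can still satisfy an equality query on the deterministic field:
	match := string(doc["ssn"]) == string(client.EncryptDeterministic("ssn", ssn))
	pt, _ := client.Decrypt("notes", doc["notes"])
	fmt.Printf("client view: ssn match=%v notes=%q\n", match, pt)
}
```

The field name is passed as associated data in both modes so that a ciphertext copied from a high-value field into a low-value one by someone with write access to the database still fails to decrypt; the deterministic mode uses a separate HMAC subkey rather than the AES key itself so the two primitives never share key material.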

February 18, 2020
Andy Greenberg / Wired
Unsigned Firmware in Computer Peripherals Threatens the Security of Hundreds of Millions of Computers Around the World

Researchers at Eclypsium found unsigned, unverified firmware in WiFi adapters, USB hubs, trackpads and cameras used in computers from Lenovo, Dell, HP and other major manufacturers, and demonstrated the consequences with an attack on a server delivered through its network interface card. Firmware that a component accepts without checking a cryptographic signature can be rewritten by anyone with sufficient privilege on the host, with no security check at all, leaving components inside and attached to hundreds of millions of computers open to data exfiltration, disruption of operations and ransomware. Because the malicious code lives in an obscure component rather than on disk, it survives operating system reinstalls and is invisible to most endpoint security tools, making detection and mitigation nearly impossible, the researchers say. Eclypsium focused on five components: touchpads and TrackPoints in Lenovo laptops, webcams in HP laptops, WiFi adapters in Dell laptops, a VIA Labs USB hub and a Broadcom network interface card. The root cause lies in the supply chain: suppliers of peripheral components are far less likely than PC makers to lock down their firmware with signed updates. In most of these cases the attacker needs administrator or root access on the host first; what unsigned firmware adds is persistence below the operating system, not the initial foothold.
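What “signed firmware” means in practice is a check like the one below, added here as an illustration; it is not Eclypsium’s code and not any vendor’s real update format. The image layout (raw blob followed by a 64-byte Ed25519 signature over the blob’s SHA-256 digest) and the function names are assumptions for this example. The device carries only the vendor’s public key; the update path refuses to flash anything whose trailing signature does not verify, which is exactly the check the peripherals in the report lack.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Image layout assumed by this example (hypothetical, not any vendor's real
// format): the raw firmware blob followed by a 64-byte Ed25519 signature over
// SHA-256(blob). The public key is burned into the device at manufacture.
const sigLen = ed25519.SignatureSize

var (
	ErrNoSignature  = errors.New("firmware: image too short to carry a signature")
	ErrBadSignature = errors.New("firmware: signature does not verify under the vendor key")
)

// NewVendorKey generates the vendor's signing key pair; the private half stays
// in the vendor's build system, the public half ships inside the device.
func NewVendorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignImage is the build-time step: it appends a signature to the blob.
func SignImage(priv ed25519.PrivateKey, blob []byte) []byte {
	digest := sha256.Sum256(blob)
	return append(append([]byte{}, blob...), ed25519.Sign(priv, digest[:])...)
}

// VerifyImage is the step a peripheral's update path must run before writing
// anything to flash. It returns the blob only if the trailing signature
// verifies; an unsigned, altered, or foreign-signed image is rejected.
func VerifyImage(pub ed25519.PublicKey, image []byte) ([]byte, error) {
	if len(image) <= sigLen {
		return nil, ErrNoSignature
	}
	blob, sig := image[:len(image)-sigLen], image[len(image)-sigLen:]
	digest := sha256.Sum256(blob)
	if !ed25519.Verify(pub, digest[:], sig) {
		return nil, ErrBadSignature
	}
	return blob, nil
}

// AcceptAnyImage is the behaviour the unsigned peripherals exhibit: whatever
// the host writes is accepted. Shown only to contrast with VerifyImage.
func AcceptAnyImage(image []byte) []byte { return image }

func main() {
	pub, priv := NewVendorKey()
	blob := []byte("constructed firmware blob v1.0") // stand-in for a real image
	image := SignImage(priv, blob)
	if _, err := VerifyImage(pub, image); err == nil {
		fmt.Println("genuine image: accepted")
	}
	image[5] ^= 0x01 // one-bit change, as an attacker rewriting a peripheral would make
	_, err := VerifyImage(pub, image)
	fmt.Println("tampered image:", err)
	fmt.Printf("same tampered image on an unsigned device: %d bytes flashed\n", len(AcceptAnyImage(image)))
}
```

Signing the digest rather than the whole blob lets a small microcontroller hash a large image in chunks as it streams in and verify a fixed-size value at the end; the thing that matters for the attack in the report is simply that the verify step exists and runs before the write to flash.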

Related: Threatpost, Bleeping Computer, Eclypsium, ZDNet, HotHardware.com, CSO Online, Reddit – cybersecurity, SecurityWeek, Enterprise Times, Slashdot

Tweets: @a_greenberg


June 3, 2019
Andy Greenberg / Wired
macOS Security Prompts Can Be Bypassed Using ‘Synthetic Clicks’ Designed for Automation, Accessibility for Disabled Users

Any piece of automated malware can exploit a macOS feature known as “synthetic clicks” to bypass security prompts, allowing an attacker to gain access to the computer’s camera, microphone, location data, contacts and messages, and in some cases even to load code into the kernel, the deepest part of the operating system, security researcher Patrick Wardle discovered. Synthetic clicks are mouse clicks generated by a program rather than a person, and they have long been a tool for automation and for accessibility for disabled users. Some applications, such as VLC, Adobe Dreamweaver and Steam, are on a whitelist shipped with macOS and can use synthetic clicks to approve prompts without the user’s pre-approval. Wardle found a way to trick macOS into treating his own malware as part of a whitelisted application. For the exploit to work, however, an attacker needs to already have remote access to the victim’s machine or to have installed a malicious application; the bypass escalates what malware already on the box can do rather than getting it there.

Related: The Register – Security, TechCrunch, ZDNet, SecurityWeek, The Mac Observer

Tweets: @zackwhittaker, @campuscodi, @a_greenberg


February 11, 2020
Lily Hay Newman / Wired
Google Will Give Political Campaigns Free Titan Security Keys to Help Secure Their G Suite Accounts

Google has announced new efforts to help political campaigns secure their G Suite accounts through its Advanced Protection Program, including free Titan security keys for multi-factor authentication. Google is working with the nonprofit Defending Digital Campaigns, which will liaise with political groups and distribute the keys. The effort is aimed at preventing account takeovers of campaign accounts; hardware keys of this kind resist phishing because the key only completes a login for the genuine site it was registered with, so a password entered on a look-alike page is useless on its own.

May 29, 2019
Lily Hay Newman / Wired
Inauthentic Pro-Iranian Social Media Accounts Spread Fake News Ahead of 2018 Midterm Elections, Impersonated Politicians and Pushed Views to Mainstream Media

A network of inauthentic English-language social media accounts, mostly on Twitter, was created around the 2018 US midterm elections, between April 2018 and March 2019, according to security firm FireEye. The finding follows FireEye’s discovery, reported last August, of an Iranian influence operation that used networks of inauthentic news sites and social media accounts aimed at audiences around the world. The latest pro-Iranian operation largely promoted “anti-Saudi, anti-Israeli, and pro-Palestinian themes.” Following FireEye’s findings, Facebook announced the takedown of 51 Facebook accounts, 36 Facebook pages, seven Facebook groups and three Instagram accounts that it says were engaged in coordinated “inauthentic behavior” originating in Iran. The fake personas also ran multi-pronged influence efforts against English-language media: some of the Twitter accounts impersonated real politicians and other people, the network pushed both progressive and conservative views, and it managed to get letters and opinion pieces under the fake names published in US and Israeli mainstream media.

Related: Reuters, Financial Times, Cyberscoop, Algemeiner.com, SecurityWeek, NBC News Top Stories, Digital Journal, Threat Research Blog, PCMag.com, Boing Boing


February 6, 2020
Lily Hay Newman / Wired
Five Critical Flaws in Cisco’s Discovery Protocol Can Let an Attacker on the Local Network Take Over Tens of Millions of Enterprise Devices

Five critical vulnerabilities in various implementations of the Cisco Discovery Protocol (CDP) can allow an attacker on the same network segment to completely take over devices such as desk phones, IP cameras, routers and network switches, without any user interaction, researchers at Armis discovered. CDP is a proprietary Cisco Layer 2 (data link layer) protocol used to discover information about directly attached Cisco equipment, and it is implemented in virtually all Cisco products. Armis calls the set of flaws CDPwn. Four of the five are remote code execution (RCE) bugs; the fifth is a denial of service (DoS). Because CDP runs at Layer 2, the malicious frames are not routed: the attacker must already have a foothold on the same broadcast domain (a compromised phone or workstation is enough), but from there the bugs can be used to cross VLAN boundaries and defeat network segmentation. Armis disclosed the vulnerabilities to Cisco on August 29, 2019, and worked with Cisco since then to develop and test mitigations and patches, which Cisco released alongside the disclosure. Where CDP is not needed, disabling it on untrusted interfaces (“no cdp enable”) or globally (“no cdp run”) removes the attack surface entirely.
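CDP is a simple type-length-value format, and every length field in it arrives from whoever is on the wire. The parser below is an added example for this page, not Armis’s or Cisco’s code, showing the bounds checks an implementation needs before it trusts those fields: a TLV whose declared length is shorter than its own header or longer than the bytes that remain is rejected instead of being copied. The frame layout (1-byte version, 1-byte TTL, 2-byte checksum, then TLVs whose 2-byte length includes the 4-byte TLV header) is the real CDP encoding; checksum validation is deliberately omitted, and the sample frames, device names and helper names are constructed for the example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// CDP TLV types this example recognises (values from the protocol itself).
const (
	TLVDeviceID uint16 = 0x0001
	TLVPortID   uint16 = 0x0003
	TLVPlatform uint16 = 0x0006
)

const (
	cdpHeaderLen = 4 // version(1) ttl(1) checksum(2)
	tlvHeaderLen = 4 // type(2) length(2); the length counts the header itself
)

var (
	ErrShortHeader = errors.New("cdp: payload shorter than its 4-byte header")
	ErrShortTLV    = errors.New("cdp: trailing bytes too short for a TLV header")
	ErrBadTLVLen   = errors.New("cdp: TLV length smaller than its own header")
	ErrTLVOverrun  = errors.New("cdp: TLV length runs past end of payload")
)

type TLV struct {
	Type  uint16
	Value []byte
}

// ParseCDP parses the CDP payload that follows the SNAP header of a frame sent
// to 01:00:0C:CC:CC:CC. Every length field comes from the wire, so each one is
// checked against the bytes actually present before it is used. The checksum
// is not validated here.
func ParseCDP(payload []byte) (version, ttl uint8, tlvs []TLV, err error) {
	if len(payload) < cdpHeaderLen {
		return 0, 0, nil, ErrShortHeader
	}
	version, ttl = payload[0], payload[1]
	rest := payload[cdpHeaderLen:]
	for len(rest) > 0 {
		if len(rest) < tlvHeaderLen {
			return version, ttl, nil, ErrShortTLV
		}
		typ := binary.BigEndian.Uint16(rest[0:2])
		length := int(binary.BigEndian.Uint16(rest[2:4]))
		if length < tlvHeaderLen {
			return version, ttl, nil, ErrBadTLVLen // would loop forever or underflow
		}
		if length > len(rest) {
			return version, ttl, nil, ErrTLVOverrun // would read past the buffer
		}
		tlvs = append(tlvs, TLV{Type: typ, Value: rest[tlvHeaderLen:length]})
		rest = rest[length:]
	}
	return version, ttl, tlvs, nil
}

// BuildCDP encodes a payload with the checksum left zero; used here only to
// construct sample frames.
func BuildCDP(version, ttl uint8, tlvs []TLV) []byte {
	out := []byte{version, ttl, 0, 0}
	for _, t := range tlvs {
		var hdr [tlvHeaderLen]byte
		binary.BigEndian.PutUint16(hdr[0:2], t.Type)
		binary.BigEndian.PutUint16(hdr[2:4], uint16(tlvHeaderLen+len(t.Value)))
		out = append(out, hdr[:]...)
		out = append(out, t.Value...)
	}
	return out
}

// FieldString returns the first TLV of the given type as a string, or "".
func FieldString(tlvs []TLV, typ uint16) string {
	for _, t := range tlvs {
		if t.Type == typ {
			return string(t.Value)
		}
	}
	return ""
}

func main() {
	good := BuildCDP(2, 180, []TLV{
		{TLVDeviceID, []byte("switch-01")},
		{TLVPortID, []byte("GigabitEthernet1/0/1")},
		{TLVPlatform, []byte("cisco WS-C2960")},
	})
	_, _, tlvs, err := ParseCDP(good)
	fmt.Printf("neighbour %q on %q (err=%v)\n", FieldString(tlvs, TLVDeviceID), FieldString(tlvs, TLVPortID), err)

	// Constructed hostile frame: a Device-ID TLV claiming 65535 bytes of value.
	evil := append([]byte{2, 180, 0, 0}, 0x00, 0x01, 0xff, 0xff, 's', 'w')
	_, _, _, err = ParseCDP(evil)
	fmt.Println("hostile frame:", err)
}
```

The two checks on `length` are the whole point: in a C implementation that copies `length - 4` bytes of value into a fixed-size stack or heap buffer, skipping either one turns a single unauthenticated Layer 2 frame into memory corruption, and Go’s slice bounds checking would only convert the same mistake into a crash (the DoS case) rather than prevent it.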

Related: CERT Recently Published Vulnerability Notes, Tenable Blog, Cyberscoop, Forescout, ZDNet Security, IT News, Network World Security, SecurityWeek, BleepingComputer.com, Computer Business Review, The Hacker News, Threatpost, Help Net Security, Armis, Reddit – cybersecurity, SiliconANGLE, The Register

CERT Recently Published Vulnerability Notes: VU#261385: Cisco Discovery Protocol (CDP) enabled devices are vulnerable to denial-of-service and remote code execution
Tenable Blog: CDPwn: Cisco Discovery Protocol Vulnerabilities Disclosed by Researchers
Cyberscoop: 5 new vulnerabilities expose the ‘backbone’ of an enterprise network to data theft
Forescout: CDPwn: Cisco Discovery Protocol Falls to Researcher Scrutiny
ZDNet Security: CDPwn vulnerabilities impact tens of millions of enterprise devices
IT News: Cisco patches ‘CDPwn’ bug affecting tens of millions of devices
Network World Security: Cisco patches a security glitch affecting routers, switches and phones
SecurityWeek: Cisco Discovery Protocol Flaws Expose Tens of Millions of Devices to Attacks
BleepingComputer.com: Cisco Patches Critical CDP Flaws Affecting Millions of Devices
Computer Business Review: Cisco Discovery Protocol is Riddled with Security Holes: Businesses Urged to Patch Troubling Flaws
The Hacker News: 5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras
Threatpost: Critical Cisco ‘CDPwn’ Flaws Break Network Segmentation
Help Net Security: CDPwn vulnerabilities open millions of Cisco enterprise devices to attack
Armis: CDPwn
Reddit – cybersecurity: CDPwn Cisco RCE vulnerability affecting millions of devices
SiliconANGLE: ‘Virtually all’ Cisco devices vulnerable to critical new CDPwn exploits
The Register: ‘Tens of millions’ of Cisco devices vulnerable to CDPwn flaws: Network segmentation blown apart by security bugs


February 4, 2020
Andy Greenberg / Wired
EKANS Industrial Control Ransomware Terminates Dozens of Software Processes on Victim Computers

A ransomware strain called Snake or EKANS has surfaced that uses specific knowledge of industrial control systems: it kills a target’s software processes, encrypts the underlying data and holds it for ransom, say researchers at security firms including SentinelOne and Dragos. Like other ransomware, EKANS encrypts files and displays a note demanding payment to release them. Unlike other ransomware, it is built to terminate a hard-coded list of 64 processes on victim machines, many of them specific to industrial control systems; killing those processes releases file locks so the data can be encrypted and disrupts the industrial software itself. EKANS carries no ICS-specific exploit and has no self-propagation mechanism of its own, so an attacker must already be inside the network to deploy it. It is not yet clear whether a nation-state or cybercriminals developed it, but industrial control systems make natural targets for ransomware because downtime is so costly, SentinelOne’s researchers say.

May 22, 2019
Lily Hay Newman / Wired
Google Kept Some Enterprise G Suite Customers’ Passwords Stored in Plaintext Since 2005

Google has announced that it recently notified a subset of its enterprise G Suite customers that some of their passwords had been stored unhashed, in plaintext, inside its otherwise encrypted internal systems; the issue affects business users only and does not affect individual consumer accounts. A bug in a G Suite password recovery feature for administrators, present since 2005, caused passwords to be kept unhashed in the infrastructure behind the admin console. Google has disabled the feature, is notifying G Suite administrators and will automatically reset any affected passwords that have not already been changed; it says it found no evidence of improper access to or misuse of the passwords. Encryption at rest is not a substitute for hashing: it protects against theft of the storage media, not against an employee or an intruder with access to the running system, which is exactly why passwords are supposed to be stored only as a salted one-way hash.

Related: CNET, SecurityWeek, BleepingComputer.com, The Register – Security, TechCrunch, Tech Insider, Cyberscoop, Slashdot, Gizmodo, ZDNet Security, Google Cloud, Mercury News, fossBytes, Mashable, Help Net Security, GBHackers On Security, Neowin, NDTV Gadgets360.com, Silicon Republic, IT Pro, The Next Web, The Hacker News

CNET: Google had some passwords stored in plaintext for more than a decade
SecurityWeek: Google Warns G Suite Customers of Passwords Stored Unhashed
BleepingComputer.com: Google Stored Unhashed G Suite Passwords for Over a Decade
The Register – Security: G Suite’n’sour: Google resets passwords after storing some unhashed creds for months, years
TechCrunch: Google says some G Suite user passwords were stored in plaintext since 2005
Tech Insider: Google kept unencrypted, plaintext copies of some G suite business customer passwords on its servers for more than ten years (GOOG, GOOGL)
Cyberscoop: Google: We’ve been storing some enterprise customer passwords in plaintext since 2005
Slashdot: Google Says Some G Suite User Passwords Were Stored In Plaintext Since 2005
Gizmodo: Google Failed to Fully Secure G Suite Passwords For 14 Years
ZDNet Security: Google says it stored some G Suite passwords in unhashed form for 14 years
Google Cloud: Notifying administrators about unhashed password storage
Mercury News: Google kept some users’ passwords in plain text for 14 years
fossBytes: Google Disappoints Yet Again: Stored Some Passwords In Plain Text For 14 Years
Mashable: Google stored some users’ passwords in plain text for years
Help Net Security: Google has been storing unhashed G Suite customer passwords
GBHackers On Security: Google Stored G Suite Customer Password in Plain Text Since 2005
Neowin: Google admits to storing some G Suite user passwords in plaintext since 2005
NDTV Gadgets360.com: Google Apologises for Saving Some G Suite Passwords in Plain Text for Over a Decade
Silicon Republic: Google stored user passwords in plaintext for 14 years
IT Pro: G Suite passwords stored in plain text for 14 years
The Next Web: Google stored some G Suite passwords in plaintext for 14 years
The Hacker News: Google Stored G Suite Users’ Passwords in Plain-Text for 14 Years